The medical company Medicall, which provides assistance to Swedish citizens without the need to attend a consultation, had recorded all of its patients' calls on a web server, without a password, since 2013.
The web server where this information was stored did not require any kind of verification for users who accessed it. The only thing needed was to know the address where it was hosted, which is currently not available.
The calls were ordered by date and displayed additional information about the patients, such as their phone number, which allowed them to be identified.
The call recordings contained not only the patients' symptoms; in some cases, patients were also asked for their social security number or other private data.
The company's CEO, Tommy Ekström, assured that the events are being investigated and that he regrets what happened. He clarified that many parts of the service the company offers are currently outsourced to other companies.
Despite all this, it is advisable for companies to carry out periodic audits to make sure that their data is protected and that their infrastructure is well organized.
