Swedish Healthcare Guide, a telephone service that provides Swedes with healthcare information, is likely to be in breach of GDPR after it was discovered that 2.7 million unique voice recordings from the service had been left on an unencrypted, publicly accessible server.

The server, which was used to store recordings of phone calls to the Swedish Healthcare Guide service in real time, held over 170,000 hours of calls. Some dated back as far as 2013.

Many of the calls include the discussion of sensitive healthcare details, while some include social security numbers. A small percentage of the files even include phone numbers in the file names.

The data was available online without any form of password protection or other security, meaning anyone who came across it was able to download and listen to the calls.

Given the sensitive nature of the calls, and the onus on personal data security under GDPR, it is highly likely that Swedish Healthcare Guide is in breach of the regulation.

Swedish Healthcare Guide “should be held accountable”

The leak, which is likely to have impacted a large percentage of the 10 million people living in Sweden, is a particularly severe example of the consequences of mishandling personal data.

“For a breach like this to occur in the healthcare industry is rather shocking as it’s known for handling sensitive data, and organisations can look to the HIPAA regulation as a standard even when it doesn’t apply to them,” commented Anjola Adeniyi, technical account manager at Securonix.

Given the severity of the leak, regulators would have good justification to bring the full force of GDPR down on the service.

“It’s often said that Sweden tops the world rankings for best healthcare, however in this instance the Swedish Healthcare Guide service has failed in its corporate governance and duty of care to its patients and citizens,” said Adeniyi.

“GDPR has a clear stance on how personally identifiable information should be handled, which the Swedish Healthcare Guide service has failed to meet and consequently they should be held accountable.”

