Swiss hospitals join forces against cyberattacks
Cyber security is to be improved in Swiss hospitals nationwide. A national "Healthcare Cyber Security Center" has been established for this purpose.
(Image: Ground Picture/Shutterstock.com)
In Switzerland, 22 hospitals, clinics and the Swiss Health Informatics Association have joined forces and founded the "Healthcare Cyber Security Center" (H-CSC) association. One of the aims is to set up a kind of early warning system to identify IT risks in the healthcare sector in order to better prepare hospitals for cyberattacks. To this end, common protection standards and best practices are to be developed by exchanging information on attacks.
According to the H-CSC, attacks from the network not only endanger sensitive data, but also the lives of patients and the continuity of medical services. Considering these threats, it is crucial for Swiss hospitals to strengthen their cyber resilience and improve their ability to respond quickly to attacks.
And many Swiss hospitals want to do this together in future as part of the national cybersecurity center for healthcare facilities. "Cyber attackers have been working together for a long time – we hospitals still do too little on this issue. We are now changing this and overcoming this asymmetry," says Erik Dinkel, Chief Information Security Officer (CISO) of the University Hospital Zurich and President of the H-CSC.
Attacks from the network would have a significant impact on hospital operations: Operations would have to be postponed, patient data would not be available, life-saving equipment could fail. "In the healthcare sector, cyber incidents can have a serious impact on people's health and safety, which makes the need to be better prepared against such attacks all the more urgent," says National Councillor Patrick Hässig (Green Liberal Party, GLP), initiator of a parliamentary question on the status of Swiss hospitals' protection against cyber attacks.
Recommendation of the Swiss Federal Office for Cyber Security
The H-CSC was ultimately founded on the recommendation of the Swiss Federal Office for Cyber Security. Because "the question is not whether an attack will take place, but when. Cyber criminals around the world are increasingly targeting healthcare facilities," says the H-CSC. They are attractive targets for sinister attackers from the vastness of the internet due to their dependence on networked systems, time-critical processes, and the potential risks to patient safety.
Videos by heise
Michel Buri, CISO of Valais Hospital, points out: "In healthcare, cybersecurity doesn't protect machines, it protects patients' lives and privacy. It is the basis for cyber resilience, the shared responsibility of all hospitals to ensure continuity of care. Protecting data means healing!"
Especially with the increase in "cyber operations in armed conflicts", critical civilian infrastructures – such as hospitals – are increasingly being targeted. Recently, both the medical sector and humanitarian organizations have been targeted, which highlights their vulnerability in the context of modern digital warfare, emphasizes the H-CSC.
Vulnerabilities in medical devices and co.
The H-CSC defines current challenges for the cybersecurity of healthcare facilities in Switzerland in various areas. For example, greater sector-specific expertise is needed, as the general guidelines for cybersecurity do not sufficiently address the specific threats to healthcare facilities. According to the H-CSC, examples of this include vulnerabilities in certified medical devices, the protection of outdated but medically outstanding clinical systems, or the correct handling of sensitive and highly regulated data under constant time pressure (e.g. in ambulances, emergency rooms).
The H-CSC also notes the burden of high costs and expenses in procurement processes. For example, all healthcare facilities currently create practically identical requirements documents for the evaluation of necessary IT security systems and services. Now such documents can be developed together via the H-CSC, which also improves their quality, as lessons can be learned from the mistakes of others. A joint approach to purchasing cybersecurity solutions strengthens the negotiating position and helps to save time, effort and money.
A strong alliance could also reduce dependence on external security solution providers by building up its own in-depth IT security expertise. It could even create its own customized IT security solutions for the specific security needs of Swiss hospitals or in the field of medical technology. This is according to one of the H-CSC's objectives.
Darknet monitoring
The range of services for H-CSC members is to be expanded, for example with a "darknet monitoring" service, i.e. monitoring the darknet for possible leaks of healthcare data (domains, e-mail addresses, accounts, passwords), including dedicated regular alerts to affected hospitals. The activities of the H-CSC are rounded off by a series of specialist conferences and practical seminars. Membership of the association has been open to all hospitals with a public service mandate since the beginning of September 2025. 20 other healthcare institutions have already expressed great interest, Sophie Nägeli, Secretary General of the H-CSC, told heise online.
(kbe)
