Working Together to Increase the Cyber Security of Swiss Hospitals

The «Healthcare Cyber Security Center (H-CSC)» project aims to build a national cyber security organisation to strengthen synergies and collaboration in cyber security for Swiss hospitals, consolidating expertise and supporting them in cyber incidents.

Members
Contact

NCSC as Partner

Following a recommendation made by the Swiss National Cyber Security Centre (NCSC), in September 2024 twelve university and cantonal hospitals and the Vereinigung Gesundheitsinformatik Schweiz (Swiss as-sociation for health informatics, vgi.ch) launched the H-CSC project.

Platform for synergies

The goal of the project is to establish an association that provides sector-specific cybersecurity services for Swiss hospitals. The H-CSC is intended to serve as a platform to promote knowledge exchange and collaboration among hospitals, expanding existing capabilities, and creating synergies that sustainably strengthen their ability to prevent, detect, and contain cyber incidents.

2025 Summer

Founding of the H-CSC association

Project members

Contact form

Please fill out the form and we will contact you as soon as possible.

    By submitting this contact form, you agree that H-CSC may contact you regarding your inquiry.


    Background

    Threats and current challenges

    The threat of cyber-attacks on hospitals is real and prevalent. The question is not if an attack will occur but when. Globally, cyber criminals are increasingly targeting healthcare facilities.

    Cyber-attacks, such as ransomware or malware, not only put at risk sensitive data (“Privacy”) but also patients’ lives (“Patient Safety”) and the continuity of medical services (“Business Continuity”). Considering these threats, it is critical for Swiss hospitals to enhance their cyber resilience and improve their ability to respond swiftly to attacks.

    Currently, Swiss hospitals are confronted with many challenges in cybersecurity. In particular:

    • Limited cybersecurity knowledge in healthcare: Existing information sources do not specifically cover threats to Switzerland’s healthcare sector, making cyber risk management harder for hospitals.
    • Lack of structured exchange mechanisms: There is no formalized exchange between healthcare organizations for threat intelligence sharing. IT and IT-security teams operate independently instead of leveraging collective knowledge and resources.
    • Lack of cybersecurity expertise within hospitals: Many medium and small hospitals lack the internal expertise and resources needed to establish comprehensive cybersecurity measures.
    • Lack of maturity in the medical software and device market: While a limited number of global manufacturers currently demonstrate a good level of cybersecurity maturity, the market average remains too low and does not comply with the applicable state of the art. Hospitals frequently face inappropriate cybersecurity choices imposed by manufacturers.
    • High costs for procurement and tenders: Each hospital conducts its own public tender processes, in particular for medical applications and devices, leading to duplicated efforts and high costs.

    The H-CSC association fills these gaps by offering specialized cybersecurity services for the healthcare sector and fostering collaboration between Swiss hospitals to meet their specific security requirements, based on the model of existing cybersecurity centres.