Submitted text
The Federal Council is instructed to work with the cantons to examine how well protected Swiss hospitals are against cyberattacks. It should also analyze the specific challenges faced by hospitals in the area of cyber security and clarify what preventive measures would be effective in ensuring that hospitals are protected against cyber attacks.
Justification
Swiss hospitals manage large amounts of highly sensitive personal data and operate vital systems. A successful cyberattack could therefore not only result in serious data protection breaches, but also acutely jeopardize medical care. At the same time, hospitals face particular challenges in the area of cyber security. These include the decentralized structure of the healthcare system, a large number of interfaces between service providers, health insurance companies and patients, and an inconsistent level of digitalization.
As the Federal Council stated in its response to the Interpellation 24.4014 noted that in recent years, “in other countries (e.g. France, England) there have been various successful cyberattacks with a direct impact on the operation of large hospitals”. Although Switzerland has so far largely escaped major cyberattacks on hospitals, there are indications that this is due more to coincidence than to effective protective measures. For example, a Report published by the National Cybersecurity Test Institute (NTC) at the end of January 2025 showed that three hospital information systems that are essential for Swiss hospitals had “serious vulnerabilities” at the time of the test. The NTC writes that “cybersecurity reviews are urgently needed”. It concludes that these appear to be “common problems in the industry”, which indicate “a lack of awareness of cyber security among manufacturers as well as insufficient controls by hospitals”.
In view of this apparently widespread deficiencies in the cyber security of hospitals it is urgently necessary for the Federal Council, together with the cantons, to examine which measures would be suitable for improving the security situation. This is the only way to ensure the protection of patients and the maintenance of medical care