Data protection and data security

“Cyber security is a matter for the management.”

What does the increase in cyber attacks mean for the healthcare system in Switzerland? And what are the key protective measures that a company can take? Pascal Lamia, the Swiss Confederation’s Deputy Delegate for Cyber Security and Head of Operational Cyber Security at the National Cyber Security Centre (NCSC), provides answers.

Text: Michèle Vaterlaus, Image: National Cyber Security Centre (NCSC)

Reports of successful cyber attacks are on the rise. Whereas in the past you heard of them mainly happening in the US, cyber attacks are now increasing in Switzerland too. Is the situation getting worse?

Pascal Lamia: With the advancement of digitalisation and the associated reporting, companies’ and private individuals’ awareness of cyber security has increased. This means that incidents are more likely to be reported and victims of attacks are more likely to go public. The NCSC has noted a sharp increase in cyber incident reports in recent months. It can therefore be concluded that not only has awareness of cyber attacks increased, but also the cyber attacks themselves.

What are the biggest risk factors for a cyber attack on a company?

Lamia: The list of possible entry points is long. The greatest risks are systems that aren’t up to date or poorly secured remote access. However, in addition to the technical risks, insufficiently trained employees also pose a risk, since a lot of damage can already be prevented by staff doing the right thing. For this reason, it is very important to make employees aware of the topic and keep them informed of current cyber threats.

What can companies do to better protect themselves against cyber attacks?

Lamia: Cyber security is a matter for the management. If those in charge operate a comprehensive risk management system that includes cyber risks and ensures the most important organisational and technical protective measures are in place, an important step has already been taken.

Pascal Lamia is the Swiss Confederation’s Deputy Delegate for Cyber Security and Head of Operational Cyber Security at the National Cyber Security Centre (NCSC).

What are the main protective measures?

Lamia: I’ll mention the five most important protective measures. Firstly, patch management and life-cycle management. Security updates must be installed consistently and in a timely manner. Secondly, blocking dangerous email attachments, as well as macros in Office documents. Thirdly, securing remote access with two-factor authentication. Fourthly, offline backups. Data backups should be carried out regularly and then separated from the network. And fifthly, as already mentioned, it is essential to make employees aware of the topic. When provided with regular training, they can make a significant contribution to a company’s cyber security.

Which companies are particularly vulnerable to cyber attacks? Is there a difference between large corporations and SMEs?

Lamia: The size of a company plays a secondary role when it comes to cyber attack risk. Many companies that don’t appear to be obvious targets for a cyber attack are nevertheless exposed. This is because many attackers operate on a mass scale: they try to reach as many targets as possible that yield less profit but are easy to attack. All systems that are insufficiently protected or have a vulnerability are therefore at risk.

Media reports of attacks in the healthcare sector are also becoming more common. These include the recent attacks on two medical practices in Neuchâtel, a retirement home in Rotkreuz and the Pallas clinics last year. What makes healthcare facilities so attractive to cybercriminals?

Lamia: Attackers are targeting all vulnerable systems, regardless of what industry they belong to. The targets you mentioned received media attention because the stolen data was of a sensitive nature, and concern among the population was particularly great as a result.

What does the increasing number of cyber attacks on the Swiss healthcare system mean?

Lamia: Cyber security is a topic that will continue to gain importance in the future and will therefore require corresponding investment. Companies in all sectors need to address cyber security, take cyber threats seriously and also take suitable protective measures.

What specific advice do you have for medical practices to protect themselves?

Lamia: An important step in protecting against cyber attacks is to be aware that cyber threats exist, adapt your actions accordingly and implement the basic protection measures. Companies that lack knowledge of cyber security should outsource their IT security to external security specialists.

Is digitalisation of the healthcare sector at risk due to the increase in cyber attacks?

Lamia: Cyber incidents go hand in hand with digitalisation, and they must be dealt with appropriately. It’s almost impossible to imagine daily life without technological advances, which are becoming increasingly important for the economy and the population. Therefore, cyber security concerns us all. It is a challenge that we must solve together. With this in mind, the Federal Council launched the National Cyber Security Centre in 2020 to help the public, businesses, educational institutions and government bodies to protect themselves against cyber risks.

What is Swisscom Health doing in terms of data protection and data security? You can find more information on our website.  

Security in curaMED

curaMED is a cutting-edge, web-based practice information system. Updates are automatically installed, ensuring the system is constantly kept up to date and secure. Our customers don’t have to worry about backups either, since Swisscom Health takes care of that. What’s more, various firewalls analyse incoming connections to ward off hacker attacks. Data availability and the highest level of data security can be ensured thanks to comprehensive monitoring by Swisscom and a global team of over 3,500 cyber security experts. For an added layer of security, curaMED offers two-factor authentication for remote access.

In addition, Swisscom Health has its systems tested by specialist companies. These regular security tests are deliberate attacks on our own infrastructure, carried out before cybercriminals strike.

Guides and checklists

On its website, the Swiss Confederation’s National Cyber Security Centre (NCSC) publishes a variety of guides and checklists on how private individuals, companies and authorities can protect themselves against cyber threats.

The NCSC also reports on new attack methods in its weeks in review.