www.swissinfo.ch August 28, 2025 -
Swiss health groups found national cyber-security centre to warn against cyber attacks.
The cantonal hospital authorities of Ticino and Graubünden are among the founders of the Healthcare Cyber Security Centre (H-CSC).
The premise is that “hospitals are tempting targets for cybercriminals, since they handle large quantities of sensitive data,” said H-CSC as it was officially established in Thurgau.
The initiative in Ticino was also joined by the Gruppo ospedaliero Moncucco, which brings together the Moncucco clinics in Lugano and Santa Chiara in Locarno, and a Graubünden foundation made up of health care associations, including the Thusis hospital.
Founding members also include the university hospitals of Basel, Bern and Zurich, but not in Geneva and Lausanne.
French-speaking institutions are clearly under-represented – the Fribourg and Valais hospitals are the only members from this region. But H-CSC is set to grow. “Membership of the association will be open from 1 September 2025 to all hospitals with a public service mandate”.
The H-CSC project was launched last year on the recommendation of the Federal Office for Cyber Security. The aim of the association is to offer tailor-made security services for hospitals in the field of cyber security.
The H-CSC (https://www.h-csc.ch/) will serve as a platform to promote knowledge exchange and collaboration between hospitals, expand existing competencies and create synergies that will “sustainably strengthen their ability to prevent, detect and contain cyber incidents”, the association’s website states.
Such incidents can “severely compromise the functioning (of hospitals), causing the postponement of surgeries, encryption and/or disclosure of sensitive patient data, or the inoperability of medical devices.”
bangkokpost.com - A major private hospital in Thailand has been fined 1.2 million baht after paper patient records were found being used as snack bags, according to the country’s data protection watchdog.
The incident was among five major cases reported on Friday by the government’s Personal Data Protection Committee (PDPC), along with penalties imposed against entities for violating data laws.
The hospital, which was not named, came under scrutiny after paper files from its patient registry were found being used as pouches for crispy crepes, known locally as khanom Tokyo.
The committee’s investigation revealed that over 1,000 protected files had been misplaced after being sent for destruction.
The hospital said it had entrusted document disposal to a small business but failed to follow up. The business owner admitted fault, explaining the documents were leaked after being stored at their home.
The PDPC fined the hospital 1.21 million baht. The disposal business owner was fined 16,940 baht.
In another case, the committee revealed that a state agency leaked the personal information of over 200,000 citizens after a cyber-attack on its web application. The data was later posted for sale on the dark web.
An investigation found inadequate security measures, such as weak passwords and no risk assessment, as well as the absence of a data processing agreement with the web app developer.
A combined fine of 153,120 baht was imposed on both the agency and its private contractor.
The other three cases involved leaks from online retailers and distributors, with fines ranging from 500,000 to 7 million baht.
Since 2024, the PDPC has concluded six cases of personal data violations, totalling 21.5 million baht in fines.
More than 10,000 appointments were cancelled at the two London NHS trusts that were worst affected.
Around 170 patients have suffered harm as a result of a cyber attack on blood services at London hospitals and GP surgeries, reports suggest.
Pathology services provider Synnovis was the victim of a ransomware attack by a Russian cyber gang in June last year.
As a result more than 10,000 appointments were cancelled at the two London NHS trusts that were worst affected.
And a significant number of GP practices in London were unable to order blood tests for their patients.
Now the Health Service Journal (HSJ) has reported that there were nearly 600 “incidents” linked to the attack, with patient care suffering in 170 of these.
Tonga’s National Health Information System (NHIS) suffered a ransomware breach this week, says Dr ʻAna ʻAkauʻola his evening. The system has been shut down, and staff moved to manual operations.
The breach came to light during a parliament debate on the MEIDECC budget, when Deputy PM Dr Taniela Fusimalohi alerted MPs to the intrusion. Dr ʻAkauʻola confirmed she learned of the hack earlier this week and immediately summoned system administrators. She noted that staff member managing the NHIS “was unaware that it was a serious breach.”
The minister disclosed that hackers encrypted the NHIS and demanded payment, assuring MPs “the hackers won’t damage the information on the NHIS.” She also said she promptly emailed Dr Fusimalohi when she knew of the breach, who engaged the Australian High Commission.
Dr Fusimalohi confirmed an Australian cyber team arrived in Tonga today to help resolve the issue.
Bell Ambulance and Alabama Ophthalmology Associates have suffered data breaches affecting over 100,000 people after being targeted in ransomware attacks.
One of them is Milwaukee, WI-based Bell Ambulance, which provides ambulance services in the area. The company revealed last week in a data security notice that it detected a network intrusion on February 13, 2025.
An investigation showed that hackers gained access to files containing information such as name, date of birth, SSN, and driver’s license number, as well as financial, medical and health insurance information.
Bell Ambulance did not say in its public notice how many individuals are impacted, but the Department of Health and Human Services (HHS) data breach tracker revealed on Monday that 114,000 people are affected.
The Medusa ransomware group announced hacking Bell Ambulance in early March, claiming to have stolen more than 200 Gb of data from its systems.
The second healthcare organization to confirm a data breach impacting more than 100,000 people is Birmingham, AL-based ophthalmology practice Alabama Ophthalmology Associates.
Medical testing services provider Laboratory Services Cooperative (LSC) is notifying 1.6 million individuals that their personal information was stolen in an October 2024 data breach.
As part of the cyberattack, which was identified on October 27, a threat actor accessed LSC’s network and accessed and exfiltrated certain files containing patient and employee information.
The prolific Medusa ransomware group claims to have stolen troves of data from HCRG, including patients’ sensitive health data
Frederick Health Hospital's emergency department was not accepting new patients on Monday morning, according to a state emergency medical services website.
Two NHS trusts in England have been hacked in recent weeks, the latest attacks to hit the national health service.
Anna Jaques Hospital revealed that the ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients.
Health care breaches lead to legislation
Highlights of the new standard include:
AEP GmbH was the victim of a targeted cyber attack on October 28, which led to the partial encryption of the company's IT systems. The company's own security systems detected the attack. The company provides information about this on its website.
Change Healthcare updated filings with the federal government to warn that about 100 million people had information accessed by hackers during a ransomware attack in February.
The Department of Health and Human Services’s (HHS) Office for Civil Rights said Change Healthcare notified them on October 22 that “approximately 100 million individual notices have been sent regarding this breach.”
Whisper is a popular transcription tool powered by artificial intelligence, but it has a major flaw. It makes things up that were never said.
One of the largest hospitals in West Texas has been forced to divert ambulances after a ransomware attack shut down many of its systems last Thursday.
The University Medical Center Health System in Lubbock confirmed on Friday that IT outages are being caused by a ransomware incident.
Thousands of records belonging to Confidant Health exposed on a non-password-protected database, including ID, insurance, medicaid cards, and more.
The National Health Laboratory Service is the primary diagnostic service for 80% of the population, and no timeline for its restoration has been determined
A cohort of Russian-speaking hackers is demanding $50 million from a UK lab-services provider to end a ransomware attack that has paralyzed services at London hospitals for weeks, according to a representative for the group.
#Britain #Cancer #Ciaran #Europe #Government #Great #HEALTH #Kingdom #London #Martin #NATIONAL #Regulation #SERVICE #United #business #cybersecni #cybersecurity #technology
As a result of the cyberattack “hospitals cannot currently match patients’ blood at the same frequency as usual,” announced NHS Blood and Transplant.
