28.07.2022 - Digitalisation rapidly gained momentum during the COVID-19 pandemic. However, growing digitalisation also means greater cyber-risks, including in the healthcare sector. In response to this, the Swiss Conference of the Cantonal Ministers of Public Health has developed recommendations on data protection and information security, referring to the recommendations on cybersecurity in the healthcare sector defined by the NCSC.
Digital innovations in the healthcare sector are becoming more and more widespread. Examples include telemedicine, electronic patient records and the tracking of health data via smartwatches. The use of new technologies and growing networking are changing the healthcare sector. The COVID-19 pandemic demonstrated the value of eHealth. Cybersecurity is a key factor in ensuring the resilience and availability of critical healthcare services.
Supplementary recommendations of the Swiss Conference of the Cantonal Ministers of Public Health
For this reason, the NCSC contacted the Swiss Conference of the Cantonal Ministers of Public Health (GDK) during the pandemic in order to jointly boost cybersecurity in the healthcare sector. The first step was to raise hospitals' awareness of the issue by means of letters and presentations. Moreover, monthly security updates were distributed to all players in the healthcare sector during the pandemic. Furthermore, the NCSC provided the healthcare sector with various tools and data to ensure better protection.
Last May, the GDK supplemented its existing recommendations on hospital planning with a recommendation on data protection and information security (recommendation 16). Among other things, this recommends that hospitals have an information security management system (ISMS) and take certain ISMS measures.
NCSC recommendations on cybersecurity in the healthcare sector
To support this work, the NCSC has defined minimum technical and organisational requirements for cybersecurity in the healthcare sector. These include patch and lifecycle management, timely monitoring of log data and the blocking of risky email attachments. The NCSC believes that the defined measures should be implemented as a matter of priority across the board by all healthcare service providers. Effective today, the NCSC's recommendation and the minimum requirements are posted on the NCSC's website in the three national languages and in English. They are intended as a guide to reduce cyber-risks and thus support the ISMS required by the GDK.
GDK recommendations on hospital planning (available in German and French)
Last modification 28.07.2022