Swiss Health Foundation Cyber Attack Exposes Federal Data

The Zurich-based non-profit health foundation Radix fell victim to a ransomware attack perpetrated by the Sarcoma cybercrime group on 16th June, resulting in the theft and encryption of 1.3 terabytes of data. The attackers published the stolen data on the dark web on 29th June after Radix refused to meet ransom demands.

The breach has significant implications, as Radix’s client base includes various Swiss federal offices, meaning sensitive government data may have been compromised.

Swiss authorities are now scrambling to assess the extent of the damage, with investigations ongoing to identify affected units and data.

Federal Implications

The Swiss government confirmed on June 30 that the cyberattack on Radix has impacted the federal administration. Radix does not have direct access to federal systems, so state-run infrastructure was not directly breached, but the presence of federal offices among its clients means government data was likely exposed.

The Swiss National Cyber Security Centre (NCSC) is leading efforts to analyse the leaked data, which has already surfaced on dark web platforms in five compressed archives.

However, slow download speeds reported by analysts have hindered immediate assessment of the data’s contents, potentially limiting further exposure. Authorities have yet to specify which departments or data types are affected, but the incident underscores the risks of third-party vulnerabilities in government supply chains.

Radix’s Response & Mitigation 

Radix promptly revoked access to compromised systems upon discovering the attack and confirmed that it holds backups for all encrypted data, mitigating operational disruptions. The foundation has notified individuals potentially affected by sensitive personal data leaks and warned of possible phishing attempts leveraging the stolen information. Radix has engaged the NCSC, the Federal Data Protection and Information Commissioner, and Zurich police to investigate the breach, though the method of intrusion remains undisclosed. Notably, Radix’s anonymous counselling services, SafeZone and StopSmoking, which operate on separate infrastructure, were unaffected, according to the Swiss Federal Office of Public Health.

Broader Cybersecurity Context  

The Radix attack follows a pattern of rising cybercrime in Switzerland, with previous incidents targeting entities like the Swiss Federal Railways and media groups. The Sarcoma group, first identified in October 2024, has a history of high-profile attacks, including one on Taiwanese manufacturer Unimicron. This incident also recalls a 2023 breach of Xplain, a Swiss software provider, which exposed 65,000 federal documents. Switzerland’s mandatory cybersecurity incident reporting, introduced in March 2024, aims to bolster response capabilities, but third-party risks remain a challenge. The NCSC has urged heightened vigilance against phishing and further exploitation of the leaked data.

In expert comment, Lee Driver, Vice President of Managed Security Services at Ekco, said: “This incident is yet another reminder that public sector institutions and non-profits are not immune to the tactics of increasingly professionalised cybercriminal groups. Even when the attack isn’t directly on government infrastructure, the ripple effect through shared third-party platforms can expose sensitive data and create serious trust issues... With data already appearing on the dark web, we’re likely to see further implications as investigators identify which departments and datasets were affected...

...This kind of breach reinforces the importance of comprehensive attack surface management, not just point-in-time assessments, but continuous visibility into how suppliers store, process, and protect information.
 
For public bodies, especially those dealing with health, education, or citizen data, the stakes couldn’t be higher. A proactive approach to cyber resilience, with layered defences and rigorous access controls across the supply chain, is essential to protecting critical services from disruption.” Driver concludes.

Looking Ahead

As investigations continue, the Radix breach highlights the growing threat of ransomware to critical sectors and the cascading risks to government entities reliant on third-party services. Swiss authorities face pressure to strengthen supply chain security and enhance oversight of non-profits handling sensitive data.

For now, the full scope of the breach remains unclear, but its implications could reshape Switzerland’s cybersecurity strategy.

Cybernews  |   Infosecurity Magazine  | The Record  |  BleepingComputer   |   NCSC CH  |  DataBreaches 
