Swiss Health Foundation Cyber Attack Exposes Federal Data

The Zurich-based non-profit health foundation Radix fell victim to a ransomware attack perpetrated by the Sarcoma cybercrime group on 16th June, resulting in the theft and encryption of 1.3 terabytes of data. The attackers published the stolen data on the dark web on 29th June after Radix refused to meet ransom demands.

The breach has significant implications, as Radix’s client base includes various Swiss federal offices, meaning sensitive government data may have been compromised.

Swiss authorities are now scrambling to assess the extent of the damage, with investigations ongoing to identify affected units and data.

Federal Implications

The Swiss government confirmed on 30th June that the cyberattack on Radix has impacted the federal administration. Radix does not have direct access to federal systems, so state-run infrastructure was not directly breached, but because federal offices are among its clients, government data was likely exposed.

The Swiss National Cyber Security Centre (NCSC) is leading efforts to analyse the leaked data, which has already surfaced on dark web platforms in five compressed archives.

However, slow download speeds reported by analysts have hindered immediate assessment of the data’s contents, potentially limiting further exposure. Authorities have yet to specify which departments or data types are affected, but the incident underscores the risks of third-party vulnerabilities in government supply chains.

Radix’s Response & Mitigation 

Radix promptly revoked access to compromised systems upon discovering the attack and confirmed that it holds backups for all encrypted data, mitigating operational disruptions. The foundation has notified individuals potentially affected by sensitive personal data leaks and warned of possible phishing attempts leveraging the stolen information. Radix has engaged the NCSC, the Federal Data Protection and Information Commissioner, and Zurich police to investigate the breach, though the method of intrusion remains undisclosed. Notably, Radix’s anonymous counselling services, SafeZone and StopSmoking, which operate on separate infrastructure, were unaffected, according to the Swiss Federal Office of Public Health.

Broader Cybersecurity Context  

The Radix attack follows a pattern of rising cybercrime in Switzerland, with previous incidents targeting entities like the Swiss Federal Railways and media groups. The Sarcoma group, first identified in October 2024, has a history of high-profile attacks, including one on Taiwanese manufacturer Unimicron. This incident also recalls a 2023 breach of Xplain, a Swiss software provider, which exposed 65,000 federal documents. Switzerland’s mandatory cybersecurity incident reporting, introduced in March 2024, aims to bolster response capabilities, but third-party risks remain a challenge. The NCSC has urged heightened vigilance against phishing and further exploitation of the leaked data.

In expert comment, Lee Driver, Vice President of Managed Security Services at Ekco, said: “This incident is yet another reminder that public sector institutions and non-profits are not immune to the tactics of increasingly professionalised cybercriminal groups. Even when the attack isn’t directly on government infrastructure, the ripple effect through shared third-party platforms can expose sensitive data and create serious trust issues... With data already appearing on the dark web, we’re likely to see further implications as investigators identify which departments and datasets were affected...

...This kind of breach reinforces the importance of comprehensive attack surface management, not just point-in-time assessments, but continuous visibility into how suppliers store, process, and protect information.
 
For public bodies, especially those dealing with health, education, or citizen data, the stakes couldn’t be higher. A proactive approach to cyber resilience, with layered defences and rigorous access controls across the supply chain, is essential to protecting critical services from disruption.” Driver concludes.

Looking Ahead

As investigations continue, the Radix breach highlights the growing threat of ransomware to critical sectors and the cascading risks to government entities reliant on third-party services. Swiss authorities face pressure to strengthen supply chain security and enhance oversight of non-profits handling sensitive data.

For now, the full scope of the breach remains unclear, but its implications could reshape Switzerland’s cybersecurity strategy.

Cybernews | Infosecurity Magazine | The Record | BleepingComputer | NCSC CH | DataBreaches
