Cyber Incident Victim: Vidymed
Date: Dec 2024
Location: Switzerland
Summary
A Swiss medical group operating four centers in Lausanne and Épalinges experienced a cyberattack leading to the suspension of all IT services to prevent potential data leaks, temporarily forcing staff to record patient information manually. Medical services continued with specific security measures while cybersecurity experts investigated the incident’s origin and potential impacts. The organization collaborated with cantonal authorities, law enforcement, and cybersecurity response teams, establishing a crisis management unit due to possible regional health system repercussions. Patient data security and transparent communication remained priorities throughout the response.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 7, 2024, the Vidymed medical group operating four centers in Lausanne and Épalinges, Switzerland, suffered a cyberattack described as a "Computereinbruch" (computer intrusion). The organization, employing 90 physicians conducting approximately 100,000 annual consultations, detected the breach on Saturday, December 8, prompting immediate containment measures. Vidymed suspended all IT systems to prevent potential data exfiltration, forcing staff to record patient information manually using pen and paper. Despite this operational disruption, the group maintained medical services across all facilities by implementing unspecified security protocols. Telephone services were restored shortly after the incident, though core IT systems remained offline during the initial response phase. Vidymed engaged cybersecurity specialists to investigate the attack’s origin and evaluate potential consequences for patient data and infrastructure integrity. No evidence of specific data compromise was disclosed at this stage.

Vidymed notified Swiss authorities immediately following the intrusion, triggering the formation of a multi-agency crisis management unit due to concerns about cascading impacts on Vaud’s healthcare system. This unit included Vidymed leadership, the Cantonal Command Staff (KFS), Vaud Cantonal Police, the Cantonal Computer Security Incident Response Team (CSIRT), and the Department of Health and Social Affairs (DSAS). The organization committed to transparent communication as the investigation progressed, emphasizing the priority of safeguarding patient, partner, and employee data confidentiality. No ransomware claims, threat actor attribution, or specific technical vulnerabilities were disclosed in available reports. Business continuity measures remained active while digital infrastructure underwent security reinforcement, with no reported interruptions to critical patient care during the incident response period.
