Sensitive Swiss Government Data Leaked After Cyberattack on Public Health Contractor
A serious cybersecurity incident has rocked Switzerland as the federal government confirmed that classified data from multiple agencies was leaked following a cyberattack on Radix, a public health nonprofit organization. The breach highlights growing concerns about third-party vulnerabilities in national digital infrastructure.
Radix: A Critical Partner in Swiss Public Services
Based in Zurich, Radix Foundation is a nonprofit entity that offers consulting, digital services, and health-related projects to federal, cantonal, and municipal agencies. It also works closely with large public and private institutions. On June 16, 2025, Radix reported that it had suffered a sophisticated cyberattack.
According to the organization, the cybercriminal group Sarcoma was responsible for the breach. The attackers allegedly stole sensitive files, encrypted internal systems, and later published the data on the dark web after what appears to have been a failed negotiation attempt.
Who is Behind the Attack?
Sarcoma is a high-profile ransomware gang that emerged in late 2024 and has since been linked to at least 36 known cyberattacks. Their targets range from global manufacturers to public-sector agencies. Their attack on Unimicron, a major electronics firm, brought them to international attention.
Sarcoma employs a combination of technical exploitation and social engineering to infiltrate networks. In the case of Radix, the breach not only compromised the organization’s internal files but also exposed federal government data, which Sarcoma posted to their own dark web portal on June 29.
What Data Was Compromised?
Although a full inventory of the leaked data has not yet been released, officials from the Swiss National Cybersecurity Center (NCSC) have confirmed that client data from federal agencies was stolen. However, systems operated directly by the Federal Administration were not affected, as Radix did not have direct access to those networks.
Still, the breach underscores the interconnected nature of digital supply chains and the risks posed when trusted partners are compromised.
Swiss Government Response
Following the disclosure, the NCSC initiated an emergency investigation into the scope of the breach. Forensic cybersecurity teams are now analyzing how the attackers gained entry and whether other systems may still be vulnerable.
Swiss authorities are also reportedly reviewing the country’s broader cybersecurity protocols to strengthen third-party risk management, especially for organizations that work with sensitive government systems.
Third-Party Providers: A Growing Cybersecurity Blind Spot
This incident illustrates a hard truth: no organization is immune when their vendors or contractors become targets. With nonprofits and infrastructure providers handling more digital services than ever, they are increasingly in the crosshairs of ransomware groups.
Attackers like Sarcoma understand that compromising such third-party firms can provide a backdoor into government systems, all while keeping direct federal networks untouched.
The Role of the Dark Web in Data Leaks
The stolen information from Radix has already been published on darknet leak sites, which often serve as platforms for cybercriminals to increase pressure on victims. These portals allow public access to stolen documents, heightening the risk of espionage, blackmail, and fraud.
Leaked files may include health reports, administrative communications, and internal memos from Radix clients. Even without direct federal access, the leak of auxiliary data could compromise national security protocols, especially when cross-referenced with existing datasets.
A Cautionary Tale for Governments Worldwide
While Switzerland investigates, the global cybersecurity community is taking notice. The Radix incident is already being cited as a textbook case of how cyberattacks on contractors can expose even the most secure government agencies.
Experts argue that more aggressive regulation and compliance checks should be required of all vendors handling government-related data, especially in sectors like healthcare and public administration.
Conclusion: Trust, Transparency, and the Need for Cyber Resilience
The cyberattack on Radix is more than a security lapse—it’s a wake-up call for governments worldwide. As public agencies increasingly outsource digital services, the security perimeter extends far beyond government firewalls.
Switzerland’s transparency in acknowledging the breach is commendable, but the challenge now lies in preventing similar incidents. It’s time for systemic upgrades in third-party risk management, stronger encryption standards, and ongoing collaboration between public and private sectors.
As ransomware groups become more audacious, data security must become a non-negotiable priority, not just for governments, but for every entity within their digital ecosystem.
