zum Inhalt springen

    Security Analysis of Practice Information Systems (PIS): Looking for Participating Medical Practices

    Tags:

    Practice Information System (PIS) are the digital backbone of every medical practice and essential for outpatient care in Switzerland. Yet many practices lack the time, resources, and IT expertise to ensure their systems are secure or to demand targeted improvements from vendors.

    The National Test Institute for Cybersecurity NTC aims to close this gap. Together with medical practices, NTC will systematically test widely used PIS. For participating practices, this means: stronger security, better understanding of their own risks, direct influence on the systems being analyzed— without disrupting daily operations. We are looking for practices that want to support this review and strengthen the security of their own practice and the entire healthcare system. 

    2025-pis-test

    Benefits for participating practices with minimal effort 

    Immediate security gains: Vulnerabilities are identified and addressed.

    Minimal effort: The practice provides system access; NTC handles the rest.
    No disruption: Operations continue as usual during testing.
    Active involvement: Practices help decide which PIS are analyzed.

    Better protection of patient data and infrastructure.

    Contribution to the digital resilience of Swiss healthcare.


     

    NTC initiates cooperative security testing 

    NTC brings together the interests of practices and the industry. As a non-profit institute, it enables security analyses that individual practices or private companies could hardly achieve alone. The initiative is supported by the Swiss Medical Association (FMH) and the National Cyber Security Centre NCSC.

    HIS- Analyses revealed gaps—and significant security gains 

    Recent security analyses of hospital information systems (HIS) showed that even systems operated by large hospitals with professional IT departments can have severe vulnerabilities. The report published in January 2025 sparked broad public discussion and raised awareness of cybersecurity risks in healthcare. Initial findings suggest similar challenges exist in outpatient care, where independent security reviews are rare.

    Process and objectives 

    Common systems such as amétiq siMed, Axenita, vitomed, SMR, or AESKULAP will be examined. Results will be documented in detail so practices and vendors can address identified vulnerabilities effectively, confidentially and without public disclosure. Broader insights will be anonymized and summarized in a report with recommendations for the industry. This way, participating practices benefit immediately while strengthening the digital resilience of the entire Swiss healthcare system. 

    Register your interest — simple and non-binding 

    Practices that want to improve the security of their systems and patient data can express interest by providing a few details: