since its a .ch domain, i believe its in swiss.
In germany we have our DSGVO (GDPR), and you can report it too.
If a breach happen, you have to inform all your customers.
if its a first time and you tried to your own best, the punishment is not that hard, but since these are medical infos they should have known better.
Switzerland is very liberal in terms of business-oriented regulations to the point that you could crate a new year party in a closed cellar without emergency exists, not to mention anti-fire installation and burn people alive there.
since its a .ch domain, i believe its in swiss. In germany we have our DSGVO (GDPR), and you can report it too. If a breach happen, you have to inform all your customers. if its a first time and you tried to your own best, the punishment is not that hard, but since these are medical infos they should have known better.
Lets really hope they learned from their mistakes
Switzerland is very liberal in terms of business-oriented regulations to the point that you could crate a new year party in a closed cellar without emergency exists, not to mention anti-fire installation and burn people alive there.