ChipSoft Healthcare Software Hit by Ransomware Attack, Service Outage in Netherlands

CHIPSOFT HIT BY RANSOMWARE ATTACK

1. Executive Summary

• A major Dutch healthcare software vendor, ChipSoft, experienced a ransomware incident that disrupted its digital services and website for patients and healthcare providers.
• ChipSoft’s flagship electronic health record platform, HiX, is widely used across Dutch hospitals, making the disruption especially impactful.
• In response to the incident, ChipSoft disabled connections to key digital health services, including Zorgportaal, HiX Mobile, and Zorgplatform, as a precautionary measure.
• The Netherlands’ national cybersecurity authority for healthcare, Z-CERT, confirmed the incident and stated it is collaborating with ChipSoft and healthcare institutions to assess impact and support recovery efforts.

1. About ChipSoft and HiX

• ChipSoft is a prominent provider of electronic health record (EHR) systems in the Netherlands.
• HiX is the company’s central platform for patient data management and clinical workflows, deployed at numerous hospitals and care facilities.
• The incident underscores the critical role ChipSoft plays in the Dutch health IT ecosystem, where disruptions can cascade across multiple hospital networks.

1. Incident Details and Timeline

• The event was publicly acknowledged in early April 2026 following reports from online communities and local media.
• By April 9, 2026, multiple media outlets and internal communications indicated that ChipSoft had been affected by a cybersecurity incident and that systems were being isolated to prevent further unauthorized access.
• ChipSoft circulated an internal memo to healthcare institutions warning of possible unauthorized access and outlining steps to limit adverse effects while cleanup proceeds.
• Z-CERT subsequently announced that the ransomware incident had impacted ChipSoft and indicated ongoing coordination with the company and healthcare providers.

1. Systemic Impact and Affected Services

• In response to the incident, ChipSoft disabled all connections to its digital health services, including Zorgportaal, HiX Mobile, and Zorgplatform.
• Official communications suggested that while some patient-facing systems may have resumed operation in parts of the country, several hospitals reported continued outages or degraded access to these services.
• The disruption affected patient portals and associated digital services that hospitals rely on for patient authentication, record lookup, and secure messaging.

1. Regional Hospital Outages

• Specific hospital sites reported outages impacting patient portals and related services.
• Sint Jans Gasthuis in Weert, Laurentius in Roermond, VieCuri in Venlo, and Flevo Hospital in Almere were among the facilities cited in local reports as experiencing access issues or precautionary outages linked to the incident.

1. Response Actions and Mitigation

• ChipSoft advised healthcare operators to disconnect from its systems as a containment measure while the incident was investigated and remediation steps were planned.
• The company indicated it was implementing measures to limit negative consequences and to support a safe cleanup process.
• National coordination via Z-CERT emphasized collaboration with ChipSoft and healthcare institutions to determine the incident’s scope, secure affected environments, and guide recovery.

1. National Cybersecurity Coordination

• Z-CERT, the Netherlands’ cybersecurity response body for the healthcare sector, confirmed the ransomware event and stated it was working with ChipSoft and affected hospitals.
• The agency described its role as identifying impact, aiding recovery, and assisting institutions in resuming normal operations in a controlled and secure manner.

1. Historical Context: Similar Incidents in Healthcare IT

• The healthcare IT sector has seen multiple ransomware and data breach events in the months surrounding the ChipSoft incident.
• Notable recent events include a data breach at CareCloud that exposed patient data and caused service disruptions, and a separate breach affecting TriZetto Provider Solutions within Cognizant, impacting millions of patient records.
• These incidents illustrate a pattern of attackers targeting healthcare IT suppliers to maximize reach and data exposure, highlighting the interconnected risk of vendor ecosystems.

1. Observations and Industry Context

• Attacks on healthcare IT suppliers can yield widespread disruption because hospitals rely on centralized platforms for patient data, scheduling, and clinical workflows.
• The incident at ChipSoft reinforces the importance of layered security, rapid containment, and transparent incident response when health information systems are in play.
• The situation also underscores the sensitivity of patient portals and digital health services to cyber threats, given their role in day-to-day access to medical information and care coordination.

1. Appendix: Known Details and Open Questions

• Public reporting indicates that ChipSoft halted external connections to core digital services and that Z-CERT is actively coordinating with stakeholders to assess full impact and recovery timelines.
• Exact ransom demands, threat actor attribution, and the full extent of data exposure remain undisclosed in official channels and public briefings.
• Additional hospital-specific status updates and regional recovery progress depend on ongoing investigations and remediation efforts led by ChipSoft in collaboration with healthcare partners.