Dutch hospitals face disruptions after ransomware attack on software provider ChipSoft

A ransomware attack on Dutch healthcare software vendor ChipSoft has forced the company to disable parts of its digital services used by hospitals and patients across the Netherlands, the national cybersecurity center for the healthcare sector said.

ChipSoft was hit by the attack on April 7, according to a statement from Z-CERT, which said it has been working with the company and healthcare institutions to monitor the situation and coordinate support.

As a precaution, ChipSoft disabled connections to several of its platforms, including Zorgportaal, HiX Mobile and the Zorgplatform, making them temporarily unavailable while the company restores systems in stages and issues new login credentials to users.

ChipSoft is a major supplier of electronic health record (EHR) systems in the Netherlands. Its flagship platform, HiX, is used by roughly 70% of Dutch hospitals and is widely deployed to manage patient records and facilitate communication between healthcare providers and patients.

The company told local media earlier this week that the incident involved “possible unauthorized access” and said it could not rule out that patient data may have been accessed or stolen. ChipSoft said it was taking steps to limit potential damage.

Z-CERT said the disruption has so far caused mostly logistical problems rather than critical medical issues. Healthcare institutions have increased staffing at service desks and phone lines, while communication between hospitals has shifted more heavily to telephone systems.

“No critical care processes have come to a standstill,” the organization said.

According to Dutch broadcaster NOS, 11 hospitals temporarily disconnected ChipSoft software from their networks following the attack. A confidential memo sent to customers advised them to cut secure VPN connections after the company’s systems were compromised.

Systems were reported unavailable at several hospitals, including Sint Jans Gasthuis in Weert, Laurentius Hospital in Roermond, VieCuri Medical Center in Venlo and Flevo Hospital in Almere.

The identity of the attackers remains unknown, and no ransomware group has claimed responsibility for the incident. ChipSoft’s website remained unreachable at the time of writing.

The attack has also had ripple effects beyond immediate service disruptions. Leiden University Medical Center (LUMC) said it had temporarily postponed the rollout of a new electronic patient record system supplied by ChipSoft following the incident. The hospital said there were no indications that its patients’ data had been leaked.

The healthcare organizations remain frequent targets of ransomware attacks because disruptions to medical systems can put pressure on institutions to quickly restore operations.

In March, the University of Hawaiʻi Cancer Center said a ransomware attack on its epidemiology division last year exposed the data of up to 1.2 million people. Earlier this year, a cyberattack on Belgium’s AZ Monica hospital forced the cancellation of surgeries and the transfer of critically ill patients to other facilities.