ChipSoft ransomware disruption

A ransomware attack on ChipSoft, one of the Netherlands’ main hospital software vendors, knocked patient-facing services offline and disrupted data exchange at affected hospitals. (z-cert.nl) Z-CERT, the Dutch healthcare cyber emergency team, said it was notified on April 7, 2026 that ChipSoft had been hit. On April 9, Z-CERT said ChipSoft had precautionarily shut off Zorgportaal, HiX Mobile and Zorgplatform, then began restoring systems in phases with new access credentials. (z-cert.nl) ChipSoft’s software is used by about 70% to 80% of Dutch hospitals, according to multiple reports, so a vendor outage quickly spread beyond one company’s network. Dutch media reported hospitals were told to cut secure virtual private network links to ChipSoft after the compromise. (theregister.com; dutchnews.nl) The immediate effect was less about beds and ventilators than the digital plumbing around care. Z-CERT said no critical care processes had stopped as of April 9, but hospitals were adding staff at service desks, leaning more on phone lines, and handling more institution-to-institution communication manually. (z-cert.nl) That is how a supplier breach turns into a hospital operations problem: patient portals, mobile access, referrals and record-sharing can all depend on the same outside platform. The Dutch general practitioners’ association said even clinics not running ChipSoft directly could still feel knock-on effects in coordination with hospitals. (lhv.nl) The incident also widened from availability to possible privacy exposure. NL Times, citing NOS, reported on April 15 that ChipSoft could not rule out access to data from some hospitals using its HiX365 platform, where traffic between patients and records passes through ChipSoft’s servers. (nltimes.nl) That report said about 15 Dutch hospitals use HiX365, including Franciscus Gasthuis in Rotterdam and Albert Schweitzer Hospital in Dordrecht. It also said ChipSoft advised those hospitals to report a possible data leak to the Dutch Data Protection Authority, which confirmed to NOS that it had received multiple reports. (nltimes.nl) Other healthcare groups struck a more cautious note while the investigation continued. The Dutch general practitioners’ association said on April 9 that personal data was “probably” not involved based on the information then available, and that there was no immediate reason for family doctors to file their own breach notifications. (lhv.nl) The story now is not only whether ChipSoft restores every service, but how many hospitals were tied to one shared route for records, messages and patient logins. The first week of the outage showed that when that route breaks, hospitals can keep treating patients while much of the coordination around care slows down. (z-cert.nl; nltimes.nl)