ChipSoft: stolen patient data destroyed

Medical software is one of those systems you barely notice until it breaks. Then it turns into a hospital problem, not just an IT problem. That is why this ChipSoft story matters: a ransomware attack on a vendor used by most Dutch hospitals exposed patient data, and now the company says the stolen files were destroyed. The news is not that the attack happened — that was already known in early April. The news is that ChipSoft said on April 28 its experts had verified the stolen data was deleted and never published. ### What is ChipSoft, exactly? ChipSoft makes healthcare software, including the HiX electronic patient record system. In the Netherlands, that gives it an unusually central role — reports around the incident put its footprint at about 70% of Dutch hospitals. So when ChipSoft gets hit, the blast radius is not one clinic or one insurer. It can affect hospital portals, information around. ### What happened in April? ChipSoft says it was hit by ransomware in early April 2026. As a precaution, connections to parts of its platform were shut down from April 8, including patient-facing and mobile services. Early on, the company could not rule out data theft. Then its forensic investigation got more specific: by April 16, ChipSoft said criminals had in fact stolen personal data from customers, including medical information. ### What changed now? The new development came in ChipSoft’s April 28 update. The company said all data obtained in the attack had been destroyed and had not been published. It also said cybersecurity specialists confirmed the destruction happened in a technically correct or technically sound way. That is a meaningful shift in posture — from “data may have been taken” to “data was taken, but we believe it is now gone.” ### Why is that still hard to prove? Because “destroyed” is not the same thing as “provably never copied.” If attackers stole files, they could have duplicated them before deleting one version. ChipSoft has not publicly explained what evidence its specialists reviewed, and it has not said whether a ransom was paid. That leaves the public with a familiar ransomware problem cannot independently verify what happened on the attacker’s side. ### Did the attackers leak anything? So far, ChipSoft says no — the stolen data was not published. Separate reporting on the incident said the ransomware group Embargo had claimed to possess about 100 GB of data and threatened to leak it. But a threat to publish is not the same as publication, and the company’s latest line is that nothing was released before the deletion was confirmed. ### Why does the concentration matter so much? This is the uncomfortable part. Healthcare loves central platforms because they make records, scheduling, billing, and clinician workflows easier. But concentration creates a single choke point. One vendor compromise can force hospitals to disconnect systems all at once, even if failure in medicine. ### What should readers take from it? ChipSoft’s update is better news than a leak dump on the dark web. But it is not a clean ending. Patient data was stolen. The company says it is now destroyed. The gap is that the public still cannot see the proof for itself — and in ransomware cases, that gap is often the whole story.