A Critical Healthcare Vendor Under Attack
Dutch healthcare software company ChipSoft became the target of a ransomware attack on April 7, prompting it to sever connections to several of its digital platforms to contain the damage. The incident has sent shockwaves through the Netherlands' hospital network, with the country's national cybersecurity center for the healthcare sector, Z-CERT, confirming it has been actively coordinating support alongside the company and affected healthcare institutions.
ChipSoft is no minor player in Dutch healthcare infrastructure. Its flagship electronic health record (EHR) platform, HiX, is deployed at roughly 70% of Dutch hospitals, handling patient records and facilitating communication between care providers and patients. The scale of its reach means that any disruption to its services carries significant consequences for day-to-day medical operations across the country.
Services Taken Offline as a Precaution
In the wake of the attack, ChipSoft disabled access to several of its platforms — including Zorgportaal, HiX Mobile, and the Zorgplatform — making them temporarily unavailable to hospitals and patients alike. The company is working to restore systems incrementally and is reissuing login credentials to affected users.
A confidential memo sent to ChipSoft's customers urged them to terminate secure VPN connections following the compromise of the company's systems. According to Dutch broadcaster NOS, 11 hospitals responded by temporarily disconnecting ChipSoft software from their own networks.
Hospitals confirmed to have experienced system unavailability include:
- Sint Jans Gasthuis in Weert
- Laurentius Hospital in Roermond
- VieCuri Medical Center in Venlo
- Flevo Hospital in Almere
ChipSoft's public-facing website also remained unreachable at the time of reporting.
Patient Data Potentially at Risk
In statements to local media earlier in the week, ChipSoft acknowledged the possibility of unauthorized access and said it could not rule out that patient data may have been accessed or stolen. The company said it was taking steps to limit potential damage, though it stopped short of confirming a definitive data breach.
Z-CERT characterized the disruptions as primarily logistical in nature rather than clinically critical. Healthcare institutions increased staffing at service desks and phone lines, and inter-hospital communications shifted more heavily to telephone-based systems to compensate for the loss of digital tools.
"No critical care processes have come to a standstill," Z-CERT stated in its assessment of the situation.
Ripple Effects: LUMC Delays New EHR Rollout
Beyond the immediate service outages, the attack has had secondary consequences. Leiden University Medical Center (LUMC) announced it was temporarily postponing the planned rollout of a new electronic patient record system that ChipSoft was supplying. LUMC indicated, however, that there were no signs its own patients' data had been leaked as a result of the incident.
Attackers Still Unidentified
As of the time of reporting, no ransomware group has claimed responsibility for the ChipSoft attack, and the identity of the perpetrators remains unknown. Investigations are ongoing.
Healthcare Remains a Prime Ransomware Target
The ChipSoft incident is far from an isolated case. Healthcare organizations worldwide continue to attract ransomware actors precisely because the critical nature of medical services creates intense pressure to restore operations rapidly — pressure that threat actors exploit to extract ransoms.
In March, the University of Hawaiʻi Cancer Center disclosed that a ransomware attack on its epidemiology division the previous year had exposed the data of up to 1.2 million people. Earlier in 2025, a cyberattack on Belgium's AZ Monica hospital forced the cancellation of surgeries and required the emergency transfer of critically ill patients to alternative facilities.
These incidents collectively underscore the vulnerability of healthcare providers to ransomware campaigns and the cascading consequences that follow when digital health infrastructure is compromised — not just for individual institutions, but for entire regional care networks that depend on shared software vendors like ChipSoft.
Source: The Record