Ransomware attack hits ChipSoft, disrupting healthcare systems across Dutch hospitals and raising concerns over patient data security and service continuity.

Continue reading
Dutch healthcare software provider ChipSoft has been hit by a ransomware attack that forced the company to take its website and several digital services offline, disrupting access for patients and healthcare providers.
ChipSoft is one of the Netherlands’ major electronic health record vendors, and its HiX platform is used by many hospitals across the country.
The incident came to public attention after users on Reddit began reporting that the healthcare software developer was dealing with a cybersecurity event. Local media later confirmed that ChipSoft had circulated an internal memo to healthcare institutions warning of _“possible unauthorized access,”_ while advising operators to disconnect from its systems until cleanup efforts were complete. The company also said it was taking steps to limit the damage as much as possible.
The Netherlands’ healthcare cybersecurity response organization, Z-CERT, later said ChipSoft had been affected by a ransomware incident. Z-CERT said it was working with the company and with healthcare institutions to assess the impact and support recovery efforts. That confirmation significantly escalated concern around the attack, since ChipSoft sits at the center of digital workflows used by multiple healthcare organizations.
As a precautionary measure, ChipSoft disabled all connections to its Zorgportaal, HiX Mobile, and Zorgplatform digital health services. Those shutdowns were intended to contain the incident and reduce the risk of further spread, but they also created immediate operational friction for hospitals and care providers that rely on those platforms for day-to-day service delivery.
Although some Dutch media outlets reported that most patient-facing systems continued to work normally, other reports showed that outages were affecting multiple hospitals. Confirmed disruption was reported at Sint Jans Gasthuis in Weert, the Laurentius in Roermond, VieCuri hospital in Venlo, and Flevo Hospital in Almere.
The mixed picture suggests the incident did not impact every institution in the same way, but it was serious enough to create localized disruption in hospital operations.
An intrusion at a healthcare IT supplier can have a much wider blast radius than an attack on a single hospital. ChipSoft operates as a central information hub for multiple healthcare centers, which means a compromise there can affect access, communications, and continuity of care across an entire network.
In practical terms, ransomware against a vendor can cascade into appointment handling, patient records access, mobile access tools, and other services that clinicians depend on to keep treatment moving. That broader systemic risk is part of what makes this incident especially sensitive.
The ChipSoft case arrives during a period when healthcare technology firms continue to face heavy pressure from data breaches and service disruptions.
The noted that CareCloud disclosed a data breach last month that exposed sensitive information and caused a multi-hour outage, while Cognizant’s healthcare IT company TriZetto Provider Solutions suffered a breach earlier in March 2026 that exposed information belonging to more than 3.4 million people.
Those examples show how frequently healthcare-facing technology companies are becoming high-value targets.
The situation also appears to have grown beyond the Netherlands.
BleepingComputer’s update on April 10 reported that the attack had also affected several Belgian hospitals. If confirmed at scale, that would mean the operational impact was not limited to one national healthcare ecosystem, but had crossed into neighboring systems that may also depend on shared software infrastructure or interconnected service chains.
At the time of publication, ChipSoft had not responded to request for comment. That leaves several key questions unanswered, including the ransomware group involved, whether any data was exfiltrated, how initial access was gained, and how long restoration efforts may take. Until the company releases further technical or incident-response details, the full scope of the breach and encryption event remains unclear.
The immediate priority for ChipSoft and the institutions connected to its systems will be containment, validation of affected environments, and staged restoration of services.
For hospitals, the challenge is not only restoring access to platforms like HiX and Zorgportaal, but doing so in a way that preserves trust in clinical data and avoids introducing further operational risk.
The incident is a sharp reminder that healthcare cybersecurity is no longer just about keeping one organization online. It is about protecting the continuity of care across an entire network of providers, patients, and digital systems.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation