grid
Abstract circular gradient with concentric rings in blue, green, yellow, and red fading into black background.
5 min read

ChipSoft Ransomware Attack Disrupts Dutch Hospital Network

ChipSoft Ransomware Attack
Published on
April 10, 2026

A ransomware attack on Dutch healthcare IT vendor ChipSoft has sent shockwaves through the Netherlands' medical system, taking down the company's website and forcing hospitals across the country to disconnect from its patient record platform. The ChipSoft ransomware attack, confirmed by the Dutch healthcare cybersecurity agency Z-CERT on April 8, 2026, has put patient data at risk and exposed a critical vulnerability at the heart of the country's healthcare infrastructure.

ChipSoft provides the HiX electronic health record (EHR) system to approximately 80 percent of Dutch hospitals. One company, one platform, and now one attack affecting a nation's medical network.

A Single Point of Failure

The attack began on April 7, 2026. ChipSoft's website went dark almost immediately. In an internal memo circulated to healthcare institutions, the company acknowledged a "data incident" involving "possible unauthorized access" and advised connected facilities to disconnect from its systems while it contained the damage.

Z-CERT confirmed the ransomware element in an advisory the following morning. The agency moved quickly, contacting ChipSoft and its healthcare partners to assess the scope of the compromise and coordinate recovery efforts.

As a precaution, ChipSoft disabled all connections to three of its core digital health platforms: Zorgportaal, HiX Mobile, and Zorgplatform. Healthcare institutions were advised to terminate their VPN connections to ChipSoft and monitor internal network traffic for suspicious activity.

Which Hospitals Were Affected

Eleven hospitals disconnected their patient portals after the attack, including Slingeland Hospital, Rijnstate Hospital, Franciscus Hospital, Diakonessenhuis, Frisius MC, Tergooi MC, Sint Jans Gasthuis in Weert, Laurentius in Roermond, VieCuri in Venlo, and Flevo Hospital in Almere.

The disruption was uneven. Several hospitals, including Rijnstate and Franciscus, reported that patient data remained secure because it was stored in isolated environments rather than on ChipSoft's central infrastructure. Most facilities connected to HiX continued operating normally throughout the incident.

ChipSoft has not been able to rule out that patient data was accessed or stolen during the intrusion. The records at risk contain names, addresses, national identification numbers, diagnoses, treatment histories, and insurance details. No ransomware group has publicly claimed responsibility for the attack, and ChipSoft has not confirmed whether it is engaged in any ransom negotiations.

Why Healthcare Vendors Are Prime Targets

Attackers do not target healthcare IT vendors by accident. A successful compromise of a vendor like ChipSoft creates immediate leverage across dozens of institutions at once. Hospitals face enormous pressure to restore systems quickly because downtime carries direct consequences for patient safety. That pressure is exactly what ransomware operators exploit.

When a single vendor manages patient records for four in five hospitals, the attack surface is not just corporate. It becomes a public health concern.

Z-CERT's own annual landscape report listed ransomware and extortion as the foremost threats facing Dutch healthcare organizations, describing them as threats that have not materially diminished in recent years. The ChipSoft incident has confirmed that assessment.

A Pattern Across European Healthcare

This attack does not arrive in isolation. In January 2026, the AZ Monica hospital network in Belgium was paralysed by a ransomware attack that forced staff to turn away ambulances and transfer critical patients to other facilities. Operations were postponed. Wards were disrupted for days.

In March 2026, TriZetto Provider Solutions, a Cognizant healthcare IT subsidiary, suffered a data breach that exposed sensitive information belonging to more than 3.4 million people.

The pattern is consistent. Attackers are moving up the supply chain, targeting the vendors and platforms that connect entire healthcare networks rather than individual hospitals. One successful intrusion delivers maximum disruption and maximum negotiating power.

Wim Hafkamp, director at Z-CERT, put the stakes clearly:

"Digital outage is not an abstract IT problem. It concerns people who needcare."

What Needs to Change

The ChipSoft ransomware attack makes the structural problem impossible to ignore. Concentrating patient records across a single vendor's infrastructure creates systemic risk. When that vendor goes down, hospitals go with it.

Security professionals have long advocated for architectural separation between patient data and third-party vendor networks. VPN connections to external providers should be monitored continuously. Backup systems must be able to function independently of any single software platform. Disaster recovery plans need to be tested before an incident, not written afterone.

For hospital administrators, the immediate lesson is operational. Knowing in advance how to route care, communicate with patients, and maintain records without a core software platform is not a contingency. At this point, it is a requirement.

ChipSoft's recovery is ongoing. The identity of the attackers remains unknown.

Subscribe to newsletter

Subscribe to receive the latest blog posts to your inbox every week.

By subscribing you agree to with our Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.