A ransomware attack on ChipSoft, the Dutch healthcare IT vendor whose HiX electronic health record system serves approximately 80 percent of Dutch hospitals, forced eleven hospitals to disconnect their patient portals and exposed patient data including names, national identification numbers, diagnoses, treatment histories, and insurance details.
The attack began on April 7, 2026. ChipSoft's website went offline immediately. In an internal memo, the company acknowledged a "data incident" involving "possible unauthorized access" and advised connected facilities to disconnect from its systems.
The Dutch healthcare cybersecurity agency Z-CERT confirmed the ransomware element the following morning. As a precaution, ChipSoft disabled all connections to three core platforms: Zorgportaal, HiX Mobile, and Zorgplatform. Healthcare institutions were instructed to terminate VPN connections to ChipSoft and monitor internal network traffic for suspicious activity.
Eleven hospitals disconnected their patient portals: Slingeland Hospital, Rijnstate Hospital, Franciscus Hospital, Diakonessenhuis, Frisius MC, Tergooi MC, Sint Jans Gasthuis in Weert, Laurentius in Roermond, VieCuri in Venlo, and Flevo Hospital in Almere.
Several facilities, including Rijnstate and Franciscus, reported that patient data remained secure because it was stored in isolated environments rather than on ChipSoft's central infrastructure. ChipSoft has not ruled out that patient data was accessed or stolen. No ransomware group has claimed responsibility, and ChipSoft has not confirmed whether ransom negotiations are underway.
Wim Hafkamp, director at Z-CERT:
"Digital outage is not an abstract IT problem. It concerns people who need care."
The incident follows a January 2026 ransomware attack on Belgium's AZ Monica hospital network that forced staff to turn away ambulances and transfer critical patients, and a March 2026 breach at TriZetto Provider Solutions that exposed data belonging to more than 3.4 million people.
Z-CERT's annual landscape report had listed ransomware and extortion as the foremost threats facing Dutch healthcare organizations, noting these threats have not materially diminished.
The structural vulnerability remains unaddressed: when one vendor manages patient records for four in five hospitals, a single successful intrusion becomes a public health concern.