Dutch healthcare software vendor ChipSoft has been struck by a ransomware attack that forced the company to take its website and digital services offline for patients and healthcare providers. The incident marks yet another blow to the European healthcare sector, which has seen a surge in ransomware targeting over the past 18 months.
ChipSoft is one of the Netherlands' leading healthcare IT vendors, best known for its HiX electronic patient dossier (EPD) platform — used by dozens of Dutch hospitals and healthcare institutions to manage patient records, appointments, and clinical workflows. The company's ZorgPlatform patient portal, which allows patients to access their own health records and communicate with healthcare providers, was also affected.
Attack Details
According to reporting by BleepingComputer, ChipSoft confirmed the ransomware attack had impacted its systems, necessitating the emergency shutdown of customer-facing web infrastructure and digital services. The company took its main website offline as part of its incident response to contain the spread and prevent further damage.
The specific ransomware group responsible has not been publicly named as of the time of reporting. ChipSoft has not disclosed the scope of any data exfiltration, whether patient data was accessed, or what ransom demand, if any, was made.
Impact on Healthcare Providers
ChipSoft's products are deeply embedded in the Dutch healthcare system:
| Product | Purpose | Impact |
|---|---|---|
| HiX EPD | Electronic Patient Dossier | Core clinical workflows affected |
| ZorgPlatform | Patient self-service portal | Patient access suspended |
| HiX Scheduling | Appointment management | Booking disruptions |
| HiX Pharmacy | Medication management | Prescription workflows disrupted |
Hospitals and clinics dependent on ChipSoft software were forced to implement manual workarounds — a common consequence of healthcare IT ransomware events that can directly affect patient safety when clinical systems become unavailable.
Healthcare: A High-Value Ransomware Target
The ChipSoft attack follows a pattern that has made healthcare one of the most targeted sectors for ransomware operators. Healthcare IT vendors are particularly attractive targets because:
- High leverage: Downtime at a software vendor simultaneously affects dozens of hospitals
- Urgency: Patient care continuity creates pressure to pay ransoms quickly
- Data value: Medical records and patient data command premium prices on dark web markets
- Regulatory exposure: GDPR and Dutch healthcare regulations create additional pressure for organizations to settle
Previous high-profile healthcare IT ransomware incidents include the Change Healthcare attack in 2024, which disrupted prescription processing across the United States for weeks, and the Synnovis blood testing lab ransomware in the UK that caused thousands of urgent blood transfusion appointments to be cancelled.
ChipSoft's Response
ChipSoft has not released a detailed public statement beyond confirming the attack. The company has reportedly:
- Taken its website and customer-facing portals offline
- Activated its incident response plan
- Notified affected customers (hospitals and healthcare institutions)
- Engaged cybersecurity incident response specialists
The Dutch National Cyber Security Centre (NCSC) has been made aware of the incident. Under GDPR Article 33, ChipSoft is required to notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours if personal data belonging to patients was accessed or exfiltrated.
What Healthcare Organizations Should Do
Healthcare providers and hospitals relying on ChipSoft software should:
- Activate manual backup procedures for critical clinical workflows (admissions, prescriptions, scheduling)
- Contact ChipSoft directly for incident status updates and expected restoration timelines
- Isolate any ChipSoft-connected systems if any on-premises integration exists, until the vendor confirms containment
- Review your own network segmentation to ensure a vendor-side incident cannot laterally spread into your environment
- Document all manual workarounds implemented during the outage for regulatory reporting purposes
- Prepare for potential data breach notification obligations if patient data is confirmed stolen
The Broader Pattern
The ChipSoft attack continues a pattern of ransomware operators targeting healthcare software and IT service providers rather than individual hospitals — a more efficient "one attack, many victims" model. As healthcare institutions increasingly consolidate onto shared platforms and SaaS providers, attacks against those platform vendors will continue to have outsized downstream impact.
Source: BleepingComputer — Healthcare IT solutions provider ChipSoft hit by ransomware attack