A ransomware attack targeting Dutch healthcare IT vendor ChipSoft has caused cascading disruptions across the Netherlands' hospital network, forcing the company to disable significant portions of its digital services used by healthcare providers and patients. The national cybersecurity center for the healthcare sector confirmed the incident is actively impacting clinical operations.
ChipSoft is one of the Netherlands' dominant healthcare software providers, best known for its HiX electronic patient dossier (EPD) platform — a core clinical system deployed in dozens of Dutch hospitals for managing patient records, scheduling, prescriptions, and workflows. The ZorgPlatform patient self-service portal, which allows patients to view their own records and communicate with care providers, was also taken offline as part of the incident response.
What Happened
According to reporting by The Record, the ransomware attack struck ChipSoft's systems and required the company to shut down parts of its customer-facing digital infrastructure to contain the spread. The incident follows the now-common pattern of ransomware operators targeting healthcare software vendors rather than individual hospitals — a "one attack, many victims" model that simultaneously disrupts the entire customer base of the targeted provider.
As of initial reporting, ChipSoft had not publicly identified the ransomware group responsible, disclosed the scope of any data exfiltration, or confirmed whether patient data was accessed. The Dutch national cybersecurity organization for the healthcare sector (Z-CERT) confirmed awareness of the incident.
Downstream Impact
ChipSoft's platforms are deeply embedded in Dutch clinical workflows:
| Product | Function | Status |
|---|---|---|
| HiX EPD | Electronic Patient Dossier | Disrupted |
| ZorgPlatform | Patient self-service portal | Offline |
| HiX Scheduling | Appointment management | Disrupted |
| HiX Pharmacy | Medication management | Disrupted |
Hospitals relying on these systems were forced to revert to manual paper-based workflows — a significant operational burden that can directly affect patient safety when prescription systems, clinical notes, and scheduling tools become unavailable simultaneously.
Regulatory Obligations
Under GDPR Article 33, ChipSoft is obligated to notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of a personal data breach — if patient or staff personal data was accessed or exfiltrated. The Dutch healthcare sector is additionally subject to sector-specific regulations around data protection and incident reporting.
Given the volume of patient data processed by ChipSoft's HiX EPD platform across dozens of hospital customers, the potential scope of any data exposure would be significant.
Healthcare: A Prime Ransomware Target
The ChipSoft attack continues a well-documented trend of ransomware operators concentrating on the healthcare sector and its software supply chain. Healthcare is attractive to ransomware groups because:
- Operational urgency creates immense pressure to pay ransoms quickly to restore patient care
- Platform vendors like ChipSoft offer multiplied leverage — one successful attack disrupts all customers simultaneously
- Medical records command high prices on dark web markets for insurance fraud and identity theft
- Regulatory exposure under GDPR and sector-specific laws adds additional pressure to settle
Major precedents include the Change Healthcare attack in 2024, which disrupted US prescription processing for weeks and caused billions in downstream losses, and the Synnovis blood testing lab ransomware in the UK, which forced hospitals to cancel thousands of blood transfusion appointments.
Recommendations for Affected Organizations
Healthcare providers relying on ChipSoft software should take the following steps:
- Activate manual backup procedures for critical clinical workflows — admissions, prescriptions, discharge summaries, and emergency scheduling
- Contact ChipSoft directly for current incident status, expected restoration timelines, and guidance on safe reconnection
- Isolate ChipSoft-connected on-premises integrations until the vendor confirms containment and system integrity
- Review network segmentation to ensure a vendor-side compromise cannot spread laterally into your own infrastructure
- Prepare GDPR notification documentation in the event patient data is confirmed to have been accessed or exfiltrated
- Brief clinical staff on manual workaround procedures and escalation paths during the outage
The Broader Pattern
This attack reinforces why healthcare software vendors represent such a high-value target for ransomware operators. As hospitals and healthcare systems increasingly centralize onto shared EPD platforms and SaaS providers, attacks on those shared platforms produce outsized, simultaneous disruption across dozens of organizations. Vendor security posture is now inseparable from hospital security posture.
Source: The Record — Dutch hospitals face disruptions after ransomware attack on software provider ChipSoft