Overview
Dutch healthcare IT company ChipSoft has confirmed it was hit by a ransomware attack that forced the company to take its website and digital services for patients and healthcare providers offline. ChipSoft develops healthcare software widely used across the Netherlands, making the attack a significant disruption to the country's healthcare infrastructure.
What Happened
ChipSoft, the company behind the popular HiX electronic health record (EHR) system, was targeted by ransomware actors who successfully breached company systems. In response, ChipSoft took its website and patient-facing digital platforms offline as a precautionary containment measure.
The attack disrupted services used by hospitals, clinics, and healthcare facilities that rely on ChipSoft's software to manage patient records, appointment scheduling, and clinical workflows.
Impact on Healthcare Services
ChipSoft's software portfolio serves a large portion of the Dutch healthcare market. Its HiX EHR platform is deployed across dozens of hospitals and healthcare institutions throughout the Netherlands. The ransomware attack creates cascading effects:
- Patient digital services (appointment portals, patient access systems) taken offline
- Healthcare provider systems potentially degraded or inaccessible during incident response
- Clinical workflows disrupted at facilities dependent on ChipSoft platforms
- Data security concerns for patients and staff whose records are managed within affected systems
Ransomware Targeting Healthcare: An Ongoing Crisis
This incident is part of a broader and deeply troubling trend. Healthcare organizations remain among the most targeted sectors by ransomware groups due to several factors:
- High operational urgency: Hospitals cannot afford extended downtime, increasing the likelihood of ransom payment
- Sensitive data value: Patient health records command high prices on dark web markets
- Legacy infrastructure: Many healthcare environments run outdated, unpatched systems
- Third-party risk: Healthcare IT vendors like ChipSoft serve as high-value targets since a single breach can cascade to dozens of client organizations
Previous major healthcare ransomware incidents include attacks on Change Healthcare, Ascension Health, and dozens of hospital systems globally throughout 2025 and into 2026.
ChipSoft Response
ChipSoft has not disclosed which ransomware group is responsible for the attack or whether any data was exfiltrated. The company appears to be working through incident response procedures, with services taken offline as a containment measure rather than due to complete system destruction.
Healthcare facilities using ChipSoft software were advised to follow their business continuity plans — including switching to paper-based fallback procedures where necessary — while ChipSoft works to restore services.
What Healthcare IT Vendors and Clients Should Do
For healthcare IT vendors:
- Conduct immediate review of externally facing systems for unpatched vulnerabilities
- Ensure offline backups are current and tested for restoration
- Implement network segmentation between development, production, and customer-facing environments
- Adopt multi-factor authentication across all administrative and developer access
For healthcare facilities using third-party EHR/IT vendors:
- Activate business continuity plans proactively, not reactively
- Verify that your data backup and recovery procedures are independent of vendor systems
- Ensure contract agreements include incident response SLAs and data breach notification obligations
- Review network connections to vendor systems and consider enhanced monitoring