A Major Healthcare IT Vendor Under Attack
ChipSoft, a prominent Dutch vendor of Electronic Health Record (EHR) systems, has confirmed it was hit by a ransomware attack that knocked its website and several digital health services offline. The company's flagship platform, HiX, is widely deployed across hospitals in the Netherlands, making the incident particularly consequential for the country's healthcare infrastructure.
The attack came to public attention earlier this week when users on Reddit began flagging reports that ChipSoft had suffered a cybersecurity incident. Dutch local media subsequently confirmed the attack, citing an internal memo that ChipSoft had distributed to healthcare institutions. That memo warned of "possible unauthorized access" and urged connected organizations to disconnect from ChipSoft's systems while remediation efforts were underway.
Z-CERT Confirms Ransomware Incident
On April 9, 2026, the Netherlands' dedicated computer emergency response team for healthcare cybersecurity, known as Z-CERT, formally acknowledged that a ransomware incident had struck ChipSoft. The agency stated it is actively collaborating with ChipSoft and affected healthcare institutions to assess the scope of the damage and assist in the recovery process.
ChipSoft itself assured healthcare center operators that it was taking all necessary measures to "limit the adverse consequences as much as possible." As a precautionary step, the company disabled all connections to three of its digital health platforms: Zorgportaal, HiX Mobile, and Zorgplatform.
Hospital Outages Reported Across the Netherlands
The situation on the ground for hospitals has been mixed. While some Dutch media outlets reported that most patient-facing systems were continuing to function normally, numerous other reports indicated that systems were unavailable at several hospitals. Confirmed outages have been reported at the following institutions:
- Sint Jans Gasthuis in Weert
- Laurentius in Roermond
- VieCuri hospital in Venlo
- Flevo Hospital in Almere
BleepingComputer reached out to ChipSoft for additional details regarding the incident but had not received a response by the time of publication.
Impact Extends to Belgium
In an update published on April 10, 2026, it was reported that the ransomware attack on ChipSoft had also affected several hospitals in Belgium, broadening the geographic reach of the incident beyond the Netherlands. This cross-border impact underscores the interconnected nature of healthcare IT infrastructure and the cascading consequences a single vendor compromise can produce.
Why Healthcare IT Vendors Are High-Value Targets
Ransomware groups have increasingly set their sights on healthcare IT solution providers rather than individual hospitals, and for good reason. These vendors function as centralized information hubs serving multiple healthcare organizations simultaneously, giving attackers leverage over vast amounts of sensitive patient data and the ability to disrupt care across entire regional networks in a single strike.
The ChipSoft incident is the latest in a string of attacks targeting the healthcare IT sector. Just last month, healthcare IT firm CareCloud disclosed a data breach that exposed sensitive data and caused a multi-hour service disruption. Earlier in March 2026, TriZetto Provider Solutions — a healthcare IT company under Cognizant — suffered a data breach that exposed the sensitive information of more than 3.4 million people.
What Comes Next
The full scope of the ChipSoft breach remains under investigation. Z-CERT and ChipSoft have not yet disclosed which ransomware group is responsible, whether patient data was exfiltrated, or how the attackers initially gained access to the company's systems. Healthcare institutions that rely on ChipSoft's platforms have been advised to remain disconnected until the company gives the all-clear.
Given ChipSoft's central role in Dutch hospital operations — and now the confirmed spread of impact into Belgium — cybersecurity analysts will be closely watching how the company and national health authorities manage the disclosure and recovery process in the days ahead.
Source: BleepingComputer