ChipSoft, a Netherlands-based provider of electronic patient record software, has confirmed that patient data was stolen during a ransomware attack affecting its systems and connected healthcare institutions.
The company stated that a forensic investigation found that attackers had accessed and exfiltrated personal data, including medical records, from “several Dutch customers.” The confirmation follows earlier uncertainty about whether sensitive patient information had been compromised.
The incident stems from a ransomware attack identified earlier in April 2026. According to Z-CERT, the computer emergency response team for the Dutch healthcare sector, the attack targeted systems used by hospitals, general practitioners, and other healthcare providers.
ChipSoft develops software used to manage electronic health records, including its HiX platform, which is integrated into a large share of Dutch healthcare infrastructure. Reporting indicates that roughly 70% of hospitals in the Netherlands use the company’s systems, increasing the potential reach of the incident.
Following the attack, healthcare institutions were advised to disconnect from ChipSoft systems and monitor their networks for suspicious activity. Some hospitals temporarily disabled patient portals and digital services as a precaution.
Initial statements from the company indicated that it could not confirm whether patient data had been accessed. As the investigation progressed, ChipSoft updated its position and confirmed that data theft had occurred.
The company reported that affected healthcare organisations have been notified. It also stated that institutions managing the software independently or through separate third parties were not impacted by the breach.
According to Dutch media cited in reporting, at least 66 healthcare institutions have filed data breach notifications with the national data protection authority.
The attack disrupted access to digital health services, including patient portals and internal systems used for managing medical records. Hospitals reported operational impacts such as longer wait times and reliance on alternative processes while systems were unavailable.
ChipSoft stated that the investigation is ongoing and that additional findings will be shared with affected organisations as they become available. No details have been disclosed regarding the identity of the attackers or the method used to gain access.
Government officials have also responded to the incident. Dutch authorities stated that the company is expected to conduct a full investigation into the breach and provide clarity on the scope of the exposure.