A ransomware attack has affected ChipSoft, a Netherlands-based provider of electronic health record systems, leading to the shutdown of parts of its digital infrastructure.
ChipSoft develops software used by hospitals to manage patient data, including its HiX platform, which is widely used across healthcare institutions in the Netherlands. Following the incident, the company took its website and several digital services offline, including systems used by healthcare providers and patients.
Reports of the incident emerged earlier in the week, with users indicating that ChipSoft had experienced a cybersecurity issue. Local media later confirmed the attack, citing an internal communication sent by the company to healthcare organisations. The message referred to “possible unauthorized access” to its systems.
ChipSoft informed healthcare providers that it was taking measures to limit the impact of the incident and advised institutions to disconnect from its systems until remediation efforts are completed.
Confirmation that the incident involved ransomware was issued by Z-CERT, which stated that it is working with ChipSoft and affected organisations to assess the scope of the attack and support recovery efforts.
As part of its response, ChipSoft disabled connections to multiple services, including Zorgportaal, HiX Mobile, and Zorgplatform.
Reports on service availability varied. Some Dutch media outlets stated that most patient-facing systems remained operational, while other reports indicated outages at specific hospitals. Disruptions were reported at several facilities, including Sint Jans Gasthuis in Weert, Laurentius Hospital in Roermond, VieCuri Medical Center in Venlo, and Flevo Hospital in Almere.
According to the same reporting, some hospitals disconnected their systems as a precaution, while others continued operating patient portals depending on their reliance on ChipSoft software.
The identity of the attackers and the method of initial access have not been disclosed. ChipSoft had not responded to requests for additional information at the time of publication.