Pierluigi Paganini
April 10, 2026
ChipSoft, a major Dutch provider of EHR systems, was hit by a ransomware attack that forced it to take its website and digital services offline, disrupting access for hospitals, healthcare providers, and patients.
EHR (Electronic Health Record) is a digital version of a patient’s medical history, stored and managed by healthcare providers.
The company’s flagship HiX platform, widely used across the Netherlands, was impacted, with users reporting outages earlier this week.
The ransomware attack occurred on April 7, and the Dutch CERT Z-CERT has been coordinating closely with the vendor and healthcare institutions. As a precaution, access to key services like Zorgportaal, HiX Mobile, and Zorgplatform was disabled, with systems now being gradually restored and new credentials issued to users.
Hospitals have mainly faced logistical disruptions, such as increased calls and added support staff, according to the Dutch CERT, no critical care services have been halted. Z-CERT continues to assist by providing guidance, monitoring the situation, and helping organizations detect, respond to, and recover from the incident while minimizing its overall impact.
“As previously reported, software vendor ChipSoft was hit by a ransomware attack on Tuesday, April 7. Since then, Z‑CERT has been in constant contact with ChipSoft, healthcare institutions, and other involved parties to monitor the situation and provide appropriate support.” reports the Dutch Z‑CERT.
“ChipSoft maintains direct contact with users of the software and provides them with a course of action. In their communication, ChipSoft indicates that all connections to the Zorgportaal, HiX Mobile, and the Zorgplatform have been disabled as a precaution and are currently unavailable. ChipSoft has started bringing the systems back online in phases, during which users are receiving new login credentials. Z‑CERT continues to closely monitor these developments and will inform participants as soon as there is reason to do so.
Local media [1, 2] confirmed the cyberattack, citing an internal memo warning of possible unauthorized access. The company told healthcare providers it is working to limit the impact and advised them to disconnect from its systems until remediation and cleanup activities are fully completed.
Hospitals in Roermond and Weert closed patient portals after the ransomware attack on ChipSoft, blocking access to records and appointments. Care continues, but staff assist patients due to system outages. Other hospitals report limited or no impact, with systems monitored.
“Most hospitals have not taken their patient portals offline. Eleven hospitals have done so, according to a survey by the NOS. At least nine of these are hospitals that have linked their patient records to ChipSoft’s systems to a greater extent than most other hospitals.” reported the Dutch media NOS.
Patient portals at several Belgian hospitals also went offline after the cyberattack on ChipSoft. The disruption affected multiple facilities, highlighting the cross-border impact of attacks on shared healthcare IT providers.
“Online patient portals at several Belgian hospitals went offline following a cyberattack targeting a Dutch software provider, daily Le Soir reported Friday. The disruption affects patient portals at Hospital aan de Stroom in Antwerp, Hospital Oost-Limburg, and Delta Hospital in Roeselare.”
“The incident is linked to a cyberattack on Netherlands-based software company ChipSoft, which supplies electronic patient record systems and healthcare platforms.” reported the Belgian website AA.
Cyberattacks targeting healthcare IT providers are especially dangerous and attractive to threat actors because these companies act as centralized hubs serving many hospitals and clinics at once. By compromising a single provider, attackers can potentially access or disrupt multiple organizations simultaneously, amplifying the impact. These systems store and process vast amounts of highly sensitive data, such as medical records, personal information, and billing details, which can be exploited for extortion, fraud, or resale.
In addition, healthcare operations depend heavily on the availability of these platforms. Any disruption can affect patient care, creating urgency for rapid recovery. This pressure often makes victims more likely to pay ransoms, increasing the financial incentive for attackers.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, healthcare)
