ChipSoft Ransomware Attack Hits Dutch Hospitals: Patient Record Systems Impacted

A significant ransomware attack on ChipSoft, a leading Dutch provider of electronic patient record (EPR) software, has sent ripples through the Netherlands’ healthcare infrastructure. The incident has forced the company to isolate its environments and has left healthcare providers scrambling to secure their connections to the vendor’s systems.

The breach is particularly critical given ChipSoft’s market dominance; the company provides essential healthcare systems to an estimated 70 percent of Dutch hospitals according to NOS. Because these systems are used to process patient information and streamline hospital operations, any prolonged disruption threatens to paralyze core medical workflows.

Whereas ChipSoft has confirmed a “data incident” involving “possible unauthorized access,” the company has been cautious about the specific nature of the attack. However, Z-Cert—the expertise center for digital security in healthcare—informed zorginstellingen (healthcare institutions) in a confidential message that the company was hit by ransomware via NOS.

The immediate fallout included the total unavailability of the company’s website and urgent advisories for clients to sever their VPN connections to ChipSoft to prevent the lateral movement of the attack into hospital networks as reported by Skipr.

Scope of the Breach and Affected Systems

The technical scope of the attack appears broad, impacting several tiers of ChipSoft’s service offerings. According to reports from Tweakers, the affected software includes HiX on-premise, HiX SaaS, and the SaaS Patient Portal hosted via ChipSoft via Skipr. The cloud environment used by general practitioners (huisartsen) has also been hit.

Scope of the Breach and Affected Systems

A primary point of concern for security experts is how the attackers may have gained entry. Notice indications that the hackers might have accessed the web link that connects patient records to the internet—the same interface that allows patients to view their own medical data per NOS. Despite this vulnerability, most hospitals have not taken their patient portals offline.

The potential for data theft is a central issue. ChipSoft has stated it cannot rule out that personal data may have been viewed or stolen according to NOS. The company claims We see taking all reasonable measures to limit the adverse consequences of the incident.

Systemic Risk in Healthcare Supply Chains

This incident highlights a growing vulnerability in the global healthcare sector: the reliance on a single software vendor for critical infrastructure. When a market leader like ChipSoft is compromised, the risk is not limited to the vendor but extends to every hospital and clinic utilizing their tools.

Z-Cert had previously warned healthcare organizations about the necessity of creating a “digital emergency kit” to ensure that essential processes can continue even if primary systems proceed offline as noted by Skipr. The center has consistently emphasized that healthcare providers must monitor not only their own internal security but also the security posture of their third-party suppliers.

The current situation serves as a real-world test of these contingencies. While it remains unclear if hospitals have had to fall back on these emergency kits, the advice from Z-Cert has been clear: clients must closely monitor their network traffic to detect any signs of intrusion originating from the compromised vendor per NOS.

Key Takeaways of the ChipSoft Incident

  • Market Impact: Approximately 70 percent of Dutch hospitals rely on ChipSoft software via NOS.
  • Affected Services: The attack impacted HiX (on-premise and SaaS), the SaaS Patient Portal, and the cloud environment for GPs via Skipr.
  • Security Response: Z-Cert advised all healthcare clients to disconnect VPN connections to ChipSoft immediately via Skipr.
  • Data Risk: ChipSoft acknowledges that unauthorized access occurred and cannot exclude the theft of personal data via NOS.

As the investigation continues, the focus remains on the restoration of services and the determination of exactly what data was compromised. Healthcare providers are urged to follow the guidance provided by Z-Cert and maintain heightened vigilance over their network traffic.

Further updates are expected as ChipSoft continues its efforts to mitigate the impact and restore full functionality to its systems. We encourage readers to share this report and depart their thoughts on the resilience of healthcare digital infrastructure in the comments below.

Leave a Comment