Ransomware Hit the Company That Runs 80% of Dutch Hospitals


TL;DR: ChipSoft, the software vendor whose HiX platform manages patient records at roughly 70–80% of Dutch hospitals, was hit by ransomware on April 7, 2026. Eleven hospitals disconnected their systems. ChipSoft disabled its Zorgportaal patient portal, HiX Mobile, and Zorgplatform connections. The company confirmed “possible unauthorized access” and says it “cannot rule out that patient data has been accessed or stolen.” No ransomware group has claimed responsibility. Z-CERT, the Dutch healthcare emergency response team, told hospitals to cut their VPN connections to ChipSoft and audit traffic logs. Names, national identification numbers, diagnoses, treatment histories, insurance details—all of it potentially exposed because an entire country’s healthcare sector bet everything on a single vendor.

What Happened

On April 7, ChipSoft’s systems went dark. The company’s website vanished. Z-CERT received notification of a ransomware attack and immediately began coordinating with hospitals across the Netherlands [1].

ChipSoft builds HiX, the electronic health record platform that runs between 70% and 80% of Dutch hospital operations—depending on who’s counting [1][2]. That includes patient records, clinical documentation, scheduling, lab results, and provider-to-patient communication. When HiX goes down, hospitals don’t just lose a computer system. They lose the ability to look up what medications a patient is on, what allergies they have, what procedures they’re scheduled for.

As a precaution, ChipSoft shut down three external-facing services [3]:

  • Zorgportaal — the patient portal where people access their medical records
  • HiX Mobile — mobile access for healthcare providers
  • Zorgplatform — the data exchange platform connecting hospitals to each other

Eleven hospitals disconnected from ChipSoft entirely. Nine of those relied heavily on HiX for comprehensive record-keeping—meaning they were flying blind, reverting to paper records and phone calls [1].

Which Hospitals Were Hit

The hospitals that disconnected include [3][4]:

  • Sint Jans Gasthuis (Weert)
  • Laurentius Hospital (Roermond)
  • VieCuri Medical Center (Venlo)
  • Flevo Hospital (Almere)
  • Leiden University Medical Center (LUMC) — one of the Netherlands’ most prominent academic hospitals

Other hospitals reported no disruptions. Rijnstate Hospital in Arnhem said its systems were unaffected. Antoni van Leeuwenhoek Hospital in Amsterdam—a cancer treatment center—said “care for our patients continues as usual.” Franciscus Hospital in Rotterdam and Frisius MC also reported no impact [4].

Z-CERT confirmed that “no critical care processes have come to a standstill,” but the disruptions forced hospitals to increase staffing at service desks and shift communication to telephone systems [3]. That’s the polite way of saying: doctors couldn’t pull up patient records on a screen, so they picked up the phone and called around.

Patient Data: “Cannot Rule Out”

Here’s the part that should concern every person in the Netherlands who has been to a hospital in the last decade.

ChipSoft confirmed a “data incident” involving “possible unauthorized access” and said it “cannot rule out that patient data has been accessed or stolen” [2][3]. The records stored in HiX contain [2]:

  • Full names and addresses
  • National identification numbers (BSN)
  • Medical diagnoses and treatment histories
  • Insurance details
  • Lab results and clinical notes

LUMC said it found “no indications their patient data leaked” [3]. But LUMC is an academic hospital with its own IT infrastructure and likely runs HiX in an isolated environment. Smaller hospitals that rely entirely on ChipSoft’s hosted services? Different story.

“Cannot rule out” is corporate speak for “we don’t know yet.” And when you don’t know whether the medical records of 17 million Dutch citizens were stolen, that’s not a data incident. That’s a national security problem.

The Single-Vendor Problem

This is the part nobody wants to talk about.

When one company controls 70–80% of a country’s hospital patient record systems, a single ransomware attack becomes a systemic risk to the entire healthcare sector. This isn’t a bug. It’s a design choice—decades of consolidation, procurement convenience, and cost-cutting that concentrated critical healthcare infrastructure into one company’s hands.

The Netherlands is a country of 17.8 million people. If ChipSoft’s systems were fully compromised, the attackers would potentially have access to most of the nation’s hospital patient records. That’s diagnoses, prescriptions, surgeries, mental health records, HIV status, pregnancy records—everything.

Z-CERT director Wim Hafkamp put it plainly: “Digital outage is not an abstract IT problem. It concerns people” who need care [1].

He’s right. But the question isn’t why this happened. It’s why anyone thought this wouldn’t happen. Putting one vendor in charge of an entire country’s healthcare records is like putting all your eggs in one basket and then leaving the basket on the internet.

The Response

Z-CERT issued a confidential memo advising hospitals to [2][3]:

  • Disconnect VPN connections to ChipSoft immediately
  • Audit network traffic for suspicious activity during the incident period
  • Report any unusual findings to Z-CERT
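
One way a hospital network team could run the traffic audit Z-CERT asked for, as an added example that is not part of the original article or Z-CERT's memo. The log format, vendor address range, review window, tunnel cut-off time and expected ports are all assumptions, and the sample flows are constructed.

```python
import csv, io, ipaddress
from datetime import datetime

# Every value below is constructed for illustration, not taken from the incident.
VENDOR_NET = ipaddress.ip_network("203.0.113.0/24")      # placeholder vendor VPN range
WINDOW = (datetime(2026, 4, 1), datetime(2026, 4, 12))   # assumed review period
VPN_CUT = datetime(2026, 4, 7, 18, 0)                    # assumed time the tunnel was disabled
EXPECTED_PORTS = {443, 1433}                             # assumed ports the integration uses

# Constructed firewall flow export: timestamp, source, destination, dest port, bytes.
SAMPLE_LOG = """ts,src,dst,dport,bytes
2026-04-05T09:12:00,10.20.1.15,203.0.113.10,443,18234
2026-04-06T02:41:00,203.0.113.77,10.20.1.15,3389,902113
2026-04-06T02:55:00,203.0.113.77,10.20.3.8,445,4411092
2026-04-07T21:30:00,10.20.1.15,203.0.113.10,443,5120
2026-04-08T10:00:00,10.20.9.9,198.51.100.4,443,777
2026-03-20T10:00:00,203.0.113.77,10.20.1.15,22,100
"""

def audit(log_text):
    """Return vendor-tunnel flows inside the review window that need a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(row["ts"])
        if not (WINDOW[0] <= ts < WINDOW[1]):
            continue                      # outside the period under review
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        from_vendor, to_vendor = src in VENDOR_NET, dst in VENDOR_NET
        if not (from_vendor or to_vendor):
            continue                      # flow does not touch the vendor range
        reasons = []
        if ts >= VPN_CUT:
            # Any vendor traffic after the cut means the disconnect did not hold.
            reasons.append("traffic after tunnel was cut")
        if from_vendor and int(row["dport"]) not in EXPECTED_PORTS:
            # Vendor-side hosts reaching internal ports the integration never uses.
            reasons.append("vendor-initiated flow to unexpected port")
        if reasons:
            findings.append((row["ts"], row["src"], row["dst"], int(row["dport"]), reasons))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Flagged flows are leads for review, such as the third bullet's report to Z-CERT, not proof of compromise; the expected-port list has to come from the hospital's own integration documentation.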

ChipSoft has been restoring systems in stages and issuing new login credentials [3]. The company’s public website remained offline for over a day after the attack.

No ransomware group has claimed responsibility as of April 12 [1][3]. That silence is unusual—most ransomware operators claim their attacks quickly to begin extortion negotiations. Either this is a group that operates quietly, the negotiations are happening behind closed doors, or the attackers haven’t yet decided what to do with what they found.

Healthcare Ransomware Is Getting Worse

ChipSoft joins a growing list of healthcare infrastructure attacks in 2026. In the US alone, 301 million patient records were exposed in HIPAA-reported breaches in 2025—nearly the entire population [5]. Change Healthcare’s attack in 2024 disrupted pharmacy operations across the country for weeks and affected 100 million people.

The pattern is consistent: attackers target healthcare because the data is extraordinarily valuable (medical records sell for 10–40x more than credit card numbers on dark web markets) and because hospitals will pay to get systems back online when patient care is at stake.

The Netherlands has strong data protection laws under GDPR. But GDPR didn’t stop this attack. Regulations can’t patch a server. They can’t prevent a phishing email from landing. They can only punish after the damage is done—and by then, your medical records are already on someone else’s hard drive.

If You’re a Patient in the Netherlands

  • Check with your hospital: Ask your healthcare provider if they use ChipSoft/HiX and whether your records may have been affected
  • Monitor your identity: If your BSN was exposed, watch for signs of identity fraud—unusual credit applications, government correspondence you didn’t expect, unfamiliar medical bills
  • Request your records: Under GDPR Article 15, you have the right to request a copy of your personal data and information about who has accessed it
  • Contact the Dutch Data Protection Authority (AP): If you believe your data was mishandled, file a complaint at autoriteitpersoonsgegevens.nl

References

  1. The Register — Ransomware knocks Dutch healthcare software vendor offline (April 8, 2026)
  2. gblock.app — Ransomware Hit the Company That Runs 80% of Dutch Hospitals’ Patient Records (April 2026)
  3. The Record — Dutch hospitals face disruptions after ransomware attack on software provider ChipSoft (April 2026)
  4. NL Times — Ransomware attack on company that manages Dutch hospitals’ patient files (April 8, 2026)
  5. HIPAA Journal — 2025 Healthcare Data Breach Report (2026)

Published: April 12, 2026