ChipSoft under Ransomware Attack exposes the fragility of digital health in hospitals in the Netherlands

This week the Dutch health software provider ChipSoft was forced to disconnect several of his digital services after suffering a ransomware attack that affected both his web and platforms used by patients and health professionals. ChipSoft is responsible for HiX, one of the most widespread electronic medical history (EHR) systems in hospitals in the Netherlands, and the interruption forced the company to warn medical centres about "possible unauthorized access" while working to contain the incident. You can check the initial confirmation in local media such as NOS and the technical note published by the Internet security incident response team in the Dutch health field, Z-CERT, on its portal Z-CERT.

From the first public report, which some users shared in forums such as Reddit, ChipSoft made the preventive decision to cut off connections to patient-oriented tools and health personnel - including Zorgportaal, HiX Mobile and Zorgplatform - to prevent the intrusion from spreading. This measure potentially protects other organizations, but also leaves them momentarily without access to regular portals and applications, with the resulting operational impact in several hospitals.

In practice, some health institutions reported patient portals and mobile services interruptions. Centres such as the Sint Jans Gasthuis in Weert, the Laurenius in Roermond, the VieCuri in Venlo and the Flevo Hospital in Almere reported problems in access to certain digital services due to the disconnection measures taken, as reported by local media such as L1 Nieuws and 1Almere. Z-CERT has noted that it is working with ChipSoft and health centres to assess the scope and facilitate recovery.

Although a provider who "only" offers software seems to be a less critical target than a hospital, in fact the attackers find in these suppliers a very cost-effective door: a single provider can manage data and access from multiple hospitals, concentrating on the same target large volumes of sensitive information and entry paths to interfere with care services. this concentration makes health system providers strategic targets for groups dedicated to the Ransomware, and the impact can go beyond loss of confidentiality, achieving continuity of care.

The decision to cut connections and call for organizations to disconnect from the affected services is common in the early response phases: it reduces the risk of spread and gives security equipment room for analysis and cleaning of systems. However, it also requires hospitals to use alternative procedures - paper registration, telephone calls, or independent local systems - to continue to care for patients until normal is recovered, which increases workload and error margin.

This episode is not isolated. In recent years, incidents involving health IT providers have increased, with consequences ranging from temporary interruptions to sensitive personal data leaks. Recent cases that have transcended mediatically show how a gap in a supplier can impact millions of histories and services. Therefore, agencies and regulators insist that cybersecurity must be incorporated from design into all solutions that handle health data. For those who want to contextualize the risk at European level, bodies such as the European Union Agency for Cybersecurity ( ENISA) and the Netherlands National Cybersecurity Centre ( NCSC Nederland) publish guides and recommendations.

From a legal perspective, these incidents often activate reporting obligations under data protection regulations. The organisations concerned shall assess whether there was a personal disclosure and, where appropriate, inform the authorities and stakeholders in accordance with the General Data Protection Regulation (GDPR). To understand these obligations in a practical way, there are public remedies such as GDPR.eu.

For patients and professionals who are affected right now, the immediate steps to be taken into account are simple but important: following the official directions of the hospital, maintaining communication through the channels that the centre enables (both for appointments and for medical consultations), and keeping any alternative documentation generated during the contingency. From a technical point of view, organizations should prioritize safe restoration from reliable copies, system integrity verification and comprehensive review of privileged access.

The clearest lesson is that digital health must be treated as critical infrastructure. Recent incidents highlight the need for investment in health-specific cyberresilience: network segmentation, tested incident response plans, isolated backup and contracts that require suppliers and subcontractors to maintain robust controls. In addition to technical investments, transparent communication with patients and professionals during and after an incident is key to maintaining confidence.

ChipSoft has informed its customers that it works to minimize impact and restore services; Z-CERT remains involved in technical coordination. Research into the extent of the attack and whether sensitive data have been exfiltered continues, and authorities and health centres will continue to report as progress is made in containment and recovery.

To follow the evolution of the incident and the official instructions, it is appropriate to consult the pages of the hospitals involved and the communications of Z-CERT in your portal as well as reports from national media such as NOS.