A ransomware attack on a third-party healthcare solutions provider has disrupted operations at numerous Dutch hospitals.
The ransomware cyber attack affected Electronic Health Record (EHR) systems developer ChipSoft, which serves thousands of Dutch hospitals. Over 80 percent of hospitals across the Netherlands use its EHR systems to process patient data.
Upon detection, ChipSoft shut down its Zorgportaal, HiX Mobile, and Zorgplatform to prevent further compromise, rendering them inaccessible to both patients and healthcare providers.
Ransomware attack impacts Dutch healthcare solutions provider
ChipSoft has advised impacted Dutch hospitals to disconnect from its systems until the ransomware attack was resolved to avoid further compromise. The healthcare IT solutions provider is also restoring the impacted systems in phases, enabling some healthcare providers to access their patients’ data.
Additionally, the Netherlands Computer Emergency Response Team (Z-CERT) has confirmed the ransomware attack and said it is working with the electronic health records provider and the affected Dutch hospitals.
“As previously reported, software supplier ChipSoft was hit by a ransomware attack on Tuesday, April 7,” the agency stated. “Since that moment, Z-CERT has been in constant contact with ChipSoft, healthcare institutions, and other parties involved to monitor the situation and provide appropriate support.”
So far, the healthcare IT solutions provider has not attributed the cyber attack to any ransomware group or confirmed receiving any ransomware demands. Similarly, the company has not revealed how the attacker gained access, though it advised healthcare providers to disconnect from its virtual private network (VPN).
ChipSoft has also not disclosed if patient data was compromised, though it hinted at a “possible unauthorized access.” Typically, ransomware attacks begin with data exfiltration and the deletion of backups before device encryption.
Nevertheless, the healthcare solutions provider says it is taking all the necessary measures to limit the impact of the cyber attack.
So far, no hacking group has taken responsibility for the ransomware attack, and the healthcare IT solutions provider has not attributed the breach to any cybercrime gang.
Ransomware attack disrupts numerous Dutch hospitals
Several Dutch hospitals have reported disruptions, though many local media outlets say the ransomware attack had limited impacts on the country’s healthcare industry.
Dutch hospitals Sint Jans Gasthuis in Weert, the Laurentius in Roermond, the VieCuri hospital in Venlo, and the Flevo Hospital in Almere have reported disruptions due to the ransomware attack.
However, most hospitals can still access patient data, as they use ChipSoft’s EHR systems less intensively. According to local news outlet NOS, approximately 11 hospitals were affected.
Nonetheless, the ransomware attack has extended beyond Dutch hospitals and affected Hospital aan de Stroom, Hospital Oost-Limburg, and Delta Hospital in Belgium. While some hospitals’ patient portals were affected, the attack did not impact patient care or internal operations, nor has it leaked patient data.
Meanwhile, healthcare IT solutions providers are frequently targeted by cybercriminals to disrupt patient care and steal sensitive data, which attracts a premium price on underground hacking forums.
In March 2026, Cognizant-owned TriZetto Provider Solutions experienced a data breach that exposed the sensitive data of 3.4 million people.
