Ransomware hits Dutch EHR vendor ChipSoft, knocks hospital portals offline

ChipSoft, the Dutch supplier behind the HiX electronic health record platform used across much of the Netherlands, has been hit by ransomware and pulled its Zorgportaal, HiX Mobile, and Zorgplatform services offline as a containment measure. The company’s internal memo to customers warned of “possible unauthorized access” and instructed healthcare institutions to disconnect from its systems during cleanup. Z-CERT, the Dutch healthcare CERT, has confirmed the incident and is coordinating recovery with affected providers.

Impact reports are inconsistent: some outlets say patient-facing systems are functioning, but outages are confirmed at Sint Jans Gasthuis (Weert), Laurentius (Roermond), VieCuri (Venlo), and Flevo (Almere), with later reports indicating Belgian hospitals were also affected. ChipSoft has not publicly detailed the ransomware strain or scope of data exposure.

The incident continues a pattern of ransomware operators targeting healthcare IT consolidators rather than individual hospitals — CareCloud disclosed a breach last month, and Cognizant’s TriZetto exposed 3.4 million records in March. Compromising one EHR vendor delivers leverage over dozens of downstream care providers and their patient data simultaneously, which is why these hubs keep drawing attention.