Last weekend, while most people were catching up on sleep, a ransomware gang quietly disrupted Dutch healthcare. The target? ChipSoft โ the company that makes electronic health record (EHR) software for roughly 70โ80% of hospitals in the Netherlands.
Yes, the same software that tracks your X-rays, schedules your surgery, and reminds your doctor that you're allergic to penicillin. Encrypted. Held for ransom.
What happened: On April 7, 2026, attackers breached ChipSoft's internal network. Z-CERT, the Netherlands' computer emergency response team for healthcare, confirmed the ransomware element the following day. As a precaution, ChipSoft disabled connections to several of its platforms โ including Zorgportaal, HiX Mobile, and the Zorgplatform โ making them temporarily unavailable while systems are restored in stages.
Eleven hospitals disconnected their ChipSoft software from their networks following the attack, nine of which were among the heaviest users of ChipSoft's systems. Several hospitals โ including Sint Jans Gasthuis in Weert, Laurentius Hospital in Roermond, VieCuri Medical Center in Venlo, and Flevo Hospital in Almere โ reported systems being temporarily unavailable. ChipSoft confirmed a "data incident" involving "possible unauthorised access" and said it cannot rule out that patient data has been accessed or stolen.
Why this matters: Healthcare ransomware is not just about money. It's about people losing access to the records that guide their care. Fortunately, Z-CERT has confirmed that no critical care processes have come to a standstill โ hospitals increased staffing at service desks, expanded telephony support, and relied on manual workflows to maintain essential services. That said, Leiden University Medical Center (LUMC) has already postponed the rollout of a new ChipSoft-supplied electronic patient record system as a direct consequence of the incident.
This follows a familiar pattern. Belgium's AZ Monica hospital network in Antwerp was paralysed for days in January 2026, forcing staff to turn away ambulances and transfer critical patients. "Digital outage is not an abstract IT problem. It concerns people who need care," said Wim Hafkamp, director at Z-CERT. The identity of the attackers and any ransom demand remain unknown as of publication.
What you can do (if you work in healthcare IT): Assume you may already be compromised โ audit ChipSoft systems for unusual network traffic and report anything suspicious via Z-CERT's reporting line. Segment your network: patient data should be isolated from vendor networks and VPN connections to third-party systems need continuous monitoring. Test offline backups this week โ backups that exist only in cloud infrastructure are only as safe as that infrastructure. Have a rehearsed paper-based fallback workflow for when (not if) the EHR goes down.
For patients: Keep a physical list of your allergies, current medications, and surgical history. Check with your hospital whether they use ChipSoft's HiX system and whether your records may have been affected. Under GDPR Article 15, you have the right to request a copy of your personal data and information about who has accessed it. If you believe your data was mishandled, file a complaint with the Dutch Data Protection Authority (AP) at autoriteitpersoonsgegevens.nl.
Go ahead, share this. Then go check your own backup strategy.
Sources: The Register (8 Apr 2026), Recorded Future / The Record (9 Apr 2026), NL Times (8 Apr 2026), SC Media, Z-CERT advisory (8 Apr 2026).