ChipSoft and Jessa Ziekenhuis: Ransomware attack on ChipSoft knocks EHR services offline across hospitals in the Netherlands and Belgium

Ransomware Attack on ChipSoft Disrupts EHR Services Across Dutch and Belgian Hospitals

On April 7, 2026, Dutch healthcare IT provider ChipSoft suffered a ransomware attack that forced the shutdown of its HiX platform and associated digital services, disrupting electronic health record (EHR) access for hospitals, healthcare providers, and patients in the Netherlands and Belgium.

ChipSoft, a major supplier of EHR systems, took its website and key services including Zorgportaal, HiX Mobile, and Zorgplatform offline as a precaution. The Dutch CERT, Z-CERT, has been coordinating with the company and affected institutions to manage the fallout. While critical care services remained operational, hospitals reported logistical challenges, such as increased call volumes and the need for additional support staff. Systems are now being restored in phases, with users receiving new login credentials.

At least 11 Dutch hospitals, including those in Roermond and Weert, temporarily closed patient portals, limiting access to medical records and appointments. Most facilities maintained care through manual processes. In Belgium, hospitals in Antwerp, Limburg, and Roeselare also experienced outages due to their reliance on ChipSoft’s systems.

The incident underscores the high-risk nature of attacks on healthcare IT providers, which serve as centralized hubs for multiple organizations. By targeting a single vendor, threat actors can disrupt operations across numerous hospitals, leveraging the urgency of healthcare services to pressure victims into paying ransoms. The attack highlights vulnerabilities in shared infrastructure and the cross-border impact of such breaches.

Source: https://securityaffairs.com/190615/cyber-crime/ransomware-attack-on-chipsoft-knocks-ehr-services-offline-across-hospitals-in-the-netherlands-and-belgium.html

ChipSoft Nederland cybersecurity rating report: https://www.rankiteo.com/company/chipsoft

Jessa Ziekenhuis cybersecurity rating report: https://www.rankiteo.com/company/jessaziekenhuis

"id": "CHIJES1775839162",
"linkid": "chipsoft, jessaziekenhuis",
"type": "Ransomware",
"date": "6/2015",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"

{'affected_entities': [{'customers_affected': 'Hospitals, healthcare '
                                              'providers, and patients in the '
                                              'Netherlands and Belgium',
                        'industry': 'Healthcare',
                        'location': 'Netherlands',
                        'name': 'ChipSoft',
                        'type': 'Healthcare IT Provider'},
                       {'industry': 'Healthcare',
                        'location': 'Netherlands',
                        'name': 'Hospitals in Roermond and Weert',
                        'type': 'Hospital'},
                       {'industry': 'Healthcare',
                        'location': 'Belgium',
                        'name': 'Hospitals in Antwerp, Limburg, and Roeselare',
                        'type': 'Hospital'}],
 'date_detected': '2026-04-07',
 'date_publicly_disclosed': '2026-04-07',
 'description': 'On April 7, 2026, Dutch healthcare IT provider ChipSoft '
                'suffered a ransomware attack that forced the shutdown of its '
                'HiX platform and associated digital services, disrupting '
                'electronic health record (EHR) access for hospitals, '
                'healthcare providers, and patients in the Netherlands and '
                'Belgium. ChipSoft took its website and key services including '
                'Zorgportaal, HiX Mobile, and Zorgplatform offline as a '
                'precaution. The Dutch CERT, Z-CERT, coordinated with the '
                'company and affected institutions to manage the fallout. '
                'While critical care services remained operational, hospitals '
                'reported logistical challenges, such as increased call '
                'volumes and the need for additional support staff. Systems '
                'are now being restored in phases, with users receiving new '
                'login credentials.',
 'impact': {'operational_impact': 'Disrupted EHR access, logistical '
                                  'challenges, increased call volumes, need '
                                  'for additional support staff',
            'systems_affected': ['HiX platform',
                                 'Zorgportaal',
                                 'HiX Mobile',
                                 'Zorgplatform']},
 'lessons_learned': 'The incident underscores the high-risk nature of attacks '
                    'on healthcare IT providers, which serve as centralized '
                    'hubs for multiple organizations. By targeting a single '
                    'vendor, threat actors can disrupt operations across '
                    'numerous hospitals, leveraging the urgency of healthcare '
                    'services to pressure victims into paying ransoms. The '
                    'attack highlights vulnerabilities in shared '
                    'infrastructure and the cross-border impact of such '
                    'breaches.',
 'response': {'containment_measures': 'Shutdown of HiX platform and associated '
                                      'digital services',
              'remediation_measures': 'Systems being restored in phases, users '
                                      'receiving new login credentials',
              'third_party_assistance': 'Z-CERT (Dutch CERT)'},
 'title': 'Ransomware Attack on ChipSoft Disrupts EHR Services Across Dutch '
          'and Belgian Hospitals',
 'type': 'Ransomware'}