Ransomware Attack Disrupts Dutch Healthcare Software Provider ChipSoft

Severity: High (Score: 71.0)

Sources: Databreaches, Ioplus.Nl, Theregister

Summary

On April 7, 2026, ChipSoft, a leading Dutch healthcare software vendor, suffered a ransomware attack that rendered its website and services offline. The company manages patient records for approximately 80% of hospitals in the Netherlands, making the breach a significant threat to national healthcare infrastructure. Following the attack, Z-CERT, the Dutch healthcare computer emergency response team, confirmed unauthorized access to ChipSoft's systems and advised hospitals to audit their networks for unusual activity. As a precaution, at least eleven hospitals disconnected their patient portals from ChipSoft's systems to mitigate further risks. Although many hospitals continued operations, the inability for patients to access their records online severely hampered workflows. The attack highlights ongoing vulnerabilities in the healthcare sector, which has faced increasing ransomware threats in recent years. No specific group has been identified as responsible for the attack at this time. Key Points: • ChipSoft provides software to 80% of Dutch hospitals, making the attack highly impactful. • At least eleven hospitals disconnected from ChipSoft to prevent ransomware spread. • Z-CERT confirmed the attack and is working with affected institutions to assess the situation.

Key Entities

• Ransomware (attack_type)
• AZ Monica (company)
• ChipSoft (company)
• Clinical Diagnostics (company)
• Erasmus MC (company)
• Ikazia Hospital (company)
• Belgium (country)
• Netherlands (country)
• Healthcare (industry)
• T1021 - Remote Services (mitre_attack)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1486 - Data Encrypted for Impact (mitre_attack)
• T1567 - Exfiltration Over Web Service (mitre_attack)
• HiX (platform)
• Nova (ransomware_group)