Apr 09, 2026 · 6 min read
Ransomware Hit the Company That Runs 80% of Dutch Hospitals' Patient Records
ChipSoft went dark on April 7. Eleven hospitals pulled their portals offline, and the company cannot rule out that patient data was accessed or stolen.
What Happened
On April 7, 2026, ChipSoft, the company behind the electronic patient record systems used by roughly 80 percent of Dutch hospitals, was hit by a ransomware attack. The company's website went offline immediately, and Z-CERT, the Netherlands' healthcare emergency response team, confirmed the ransomware element the following day.
ChipSoft acknowledged a "data incident" involving "possible unauthorized access" but stopped short of confirming it as ransomware publicly. The company said it could not rule out that patient records had been viewed or stolen.
How Dutch Hospitals Responded
Despite ChipSoft going dark, most hospitals maintained access to their patient portals. According to NL Times, eleven hospitals disconnected their software as a precaution, nine of which were among the heaviest users of ChipSoft's systems. The remaining facilities continued operating normally.
Z-CERT issued a confidential memo advising customers to disconnect their VPN connections to ChipSoft and to audit their network traffic for suspicious activity. Several hospitals, including Rijnstate Hospital and Franciscus Hospital, reported that their patient data remained secure because it was stored in isolated or well secured environments rather than on ChipSoft's central infrastructure.
Why a Single Vendor Failure Matters
ChipSoft's dominance of the Dutch healthcare market means one successful attack can ripple across an entire country's medical infrastructure. When a single company manages patient records for four out of five hospitals, a ransomware incident is not a corporate IT problem. It is a public health event.
This pattern has played out before. The Stryker data wiper attack that destroyed 80,000 devices showed how healthcare supply chain compromises can cascade far beyond the original target. In both cases, recovery took weeks.
The Patient Data Risk
Healthcare records are among the most sensitive categories of personal data. They contain names, addresses, national identification numbers, diagnoses, treatment histories, and insurance details. Unlike a stolen password, you cannot reset your medical history.
If attackers did exfiltrate patient data, the consequences go beyond identity theft. Stolen medical records have been used to file fraudulent insurance claims, forge prescriptions, and in extreme cases, blackmail patients with sensitive diagnoses. Dutch authorities have not yet confirmed whether data was taken, and the group behind the attack remains unidentified.
What Patients Should Do
If you receive care at a Dutch hospital, there are steps you can take now:
- Monitor your health insurance statements for unfamiliar claims or treatments you did not receive.
- Be wary of phishing emails referencing your medical care. Attackers who obtain patient records often use them to craft convincing targeted phishing messages.
- Check with your hospital directly to confirm whether your facility was among the eleven that disconnected from ChipSoft.
- Request a copy of your records from your provider to verify nothing has been altered.
Healthcare Ransomware Is Accelerating
The ChipSoft attack is part of an accelerating trend. Nation state and hacktivist attacks on critical infrastructure doubled in the past year, and healthcare has become one of the most targeted sectors. A China linked threat actor known for deploying Medusa ransomware has been linked to recent high velocity attacks on healthcare organizations, exploiting both zero day and known vulnerabilities.
For healthcare providers, the lesson is architectural: patient data should be segmented from vendor networks, VPN connections to third parties should be monitored continuously, and backup systems need to function independently of any single software vendor. The hospitals that kept running through the ChipSoft incident were the ones that had already isolated their most sensitive systems.