Skip to main content
Cyber News & CTI Reports :: 2026-04-09 | Healthcare IT solutions provider ChipSoft hit by ransomware attack
Contact Page | Privacy Policy

2026-04-09 | Healthcare IT solutions provider ChipSoft hit by ransomware attack

1. AI Summary

Dutch healthcare vendor ChipSoft suffered a ransomware attack, disrupting its EHR platform HiX and causing outages at multiple hospitals. Z-CERT confirmed the incident, leading to service shutdowns as a precaution. Threat actors likely targeted sensitive healthcare data.

2. IOCs

IOC Type Value Description Relevant MITRE ATT&CK Techniques
Company ChipSoft Target of ransomware attack impacting healthcare services None

3. MITRE ATT&CK

Code Title
T1190 Web Application Exploitation (Initial access via compromised web services)
T1071 Application Layer Protocol (C2 via standard protocols)
T1055 Defense Evasion (Disabling tracking mechanisms)
T1486 EventTriggered (Unauthorized access triggering alerts)
T1085 Boot or Firmware Observer (Potential manipulation of system startup)

4. Targets

Type Value
Company Healthcare institutions using HiX platform
Country Netherlands
Sector Healthcare

5. Article Details

6. Original text

Dutch

Healthcare
software vendor
ChipSoft
has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and
Healthcare
providers.
ChipSoft
is a large provider of Electronic Health Record (EHR) systems in the
Netherlands
. Its flagship platform, HiX, is used by many Dutch hospitals. Earlier this week, users on Reddit reported that the digital solutions developer for the 
Healthcare
sector was affected by a cybersecurity incident. Local media confirmed that the company was hit by a cyberattack, based on an internal memo 
ChipSoft
circulated to
Healthcare
institutions, alerting them of “possible unauthorized access.” The IT services provider reportedly assured
Healthcare
center operators that it was taking all measures to “limit the adverse consequences as much as possible,” while advising them to disconnect from its systems until the cleanup is completed. Yesterday, the country’s computer emergency response team for cybersecurity in
Healthcare
(Z-CERT) announced that a ransomware incident had impacted
ChipSoft
. The agency stated that it is working with the firm and
Healthcare
institutions to identify the impact and help them recover. As a precaution,
ChipSoft
disabled all connections to its Zorgportaal, HiX Mobile, and Zorgplatform digital health services. While some media outlets in the
Netherlands
said that most patient-facing systems are working normally, there have also been multiple reports that the same systems are unavailable at various hospitals. Confirmed reports about system outages concern Sint Jans Gasthuis in Weert, the Laurentius in Roermond, the VieCuri hospital in Venlo, and the Flevo Hospital in Almere. BleepingComputer has contacted
ChipSoft
to ask for more information about the incident, but we have not received a response by publication time.

Cyberattacks on

Healthcare
IT system providers can be very damaging and lucrative for threat actors, as these companies operate information hubs for multiple
Healthcare
centers, managing troves of sensitive data. Last month,
Healthcare
IT firm CareCloud disclosed a data breach incident that exposed sensitive data and caused a multi-hour service disruption. Earlier in March 2026, Cognizant’s
Healthcare
IT company, TriZetto Provider Solutions, suffered a data breach that exposed the sensitive information of over 3.4 million people .