Healthcare software company ChipSoft hit by ransomware attack

A ransomware attack has disrupted Dutch healthcare software provider ChipSoft, temporarily forcing parts of its systems offline and prompting precautionary shutdowns at several hospitals.

What happened

According to the Register, Dutch healthcare software vendor ChipSoft was hit by a ransomware attack on April 7, 2026, forcing parts of its digital infrastructure offline, including its public-facing website. The company, which provides electronic patient record systems to around 80% of hospitals in the Netherlands, experienced widespread disruption. While its email systems remained operational, the outage affected access to some services.

Despite the attack, most hospitals continued functioning, although at least 11 healthcare facilities temporarily shut down their ChipSoft systems as a precaution.

Going deeper

The ransomware element of the attack was confirmed by Z-CERT, the Netherlands’ cybersecurity response team for the healthcare sector.

ChipSoft’s systems are deeply embedded in Dutch healthcare operations, meaning any disruption carries national-level implications. Even though core hospital services remained largely intact, the reliance on a single vendor indicates a critical supply chain vulnerability.

The identity of the attackers has not yet been disclosed, and it remains unclear whether data was exfiltrated or encrypted.

What was said

In its advisory, Z-CERT confirmed the nature of the incident, stating: “On April 7, 2026, Z-CERT received notification that ChipSoft has fallen victim to a ransomware attack.” The organization added that it is actively working with stakeholders to understand the scope of the breach, noting “Z-CERT is in contact with ChipSoft, healthcare institutions, and our partners. We are working hard to assess the impact of the incident.”

Z-CERT leadership also highlighted the real-world consequences of such cyberattacks on healthcare delivery. Director Wim Hafkamp warned: “Digital outage is not an abstract IT problem. It concerns people who need care.” He further emphasized the importance of preparedness, adding that cyber incidents can “directly affect patients and healthcare providers,” reinforcing the need for strong disaster recovery planning.

In the know

Ransomware is a malicious cyberattack in which criminals gain access to an organization’s computer systems, encrypt important files, and then demand payment to restore access. These attacks typically begin when a user unknowingly clicks a phishing email, downloads infected software, or when attackers exploit security vulnerabilities in outdated systems. Once inside a network, ransomware can spread quickly, locking down critical systems and disrupting normal operations.

Why it matters

Ransomware attacks targeting healthcare organizations are on the rise. The 2025 Paubox Healthcare Email Security Report states that “Since 2018, ransomware attacks on healthcare organizations have surged by 264%.” These attacks typically begin with phishing emails, compromised login credentials, or exploitation of unpatched software vulnerabilities that allow attackers to quietly infiltrate a network. The impact on healthcare providers can be severe, leading to delays in patient care, canceled procedures, and reliance on backup or manual systems.

See also: HIPAA Compliant Email: The Definitive Guide (2026 Update)

FAQS

Can ransomware attacks be prevented?

While no system is completely immune, risks can be reduced through regular software updates, staff training, strong access controls, multi-factor authentication, and secure data backups.

Why are ransomware attacks increasing in healthcare?

Cybercriminals are more frequently targeting healthcare institutions due to the vast amount of data they possess. Additionally, downtime is highly disruptive, making organisations more likely to consider paying ransoms to restore access quickly.