Ransomware Attack Disrupts ChipSoft’s Dutch EHR Services, Affecting Multiple Hospitals
What Happened — Dutch healthcare‑IT vendor ChipSoft confirmed a ransomware intrusion that forced the shutdown of its website and core digital health platforms (Zorgportaal, HiX Mobile, Zorgplatform). The outage impacted patient‑facing services at several hospitals, including Sint Jans Gasthuis, Laurentius, VieCuri, and Flevo.
Why It Matters for TPRM —
- Ransomware on a primary EHR provider can halt clinical workflows, jeopardizing patient safety and regulatory compliance.
- Disruption reveals gaps in vendor incident‑response and business‑continuity planning that third‑party risk programs must evaluate.
- Potential exposure of protected health information (PHI) remains unverified, heightening data‑privacy risk.
Who Is Affected — Healthcare providers (hospitals, clinics) in the Netherlands that rely on ChipSoft’s HiX EHR platform; downstream vendors and partners integrating with ChipSoft APIs.
Recommended Actions —
- Review ChipSoft’s contractual security clauses, incident‑response SLA, and business‑continuity provisions.
- Verify that your organization has an alternate access plan for EHR data (offline backups, manual workflows).
- Request evidence of ChipSoft’s post‑incident forensic analysis and remediation steps.
Technical Notes — The ransomware vector has not been disclosed; no specific CVEs or malware families were identified. Attack prompted immediate disabling of all external connections to ChipSoft’s digital health services. Source: BleepingComputer