ChipSoft ransomware attack disrupts Dutch hospital software, with spillover reported in Belgium
5 min. read 
Published on
Dutch healthcare software provider ChipSoft has confirmed a serious cyber incident, and Z-CERT says it was a ransomware attack. The company’s outage forced precautionary shutdowns of several online healthcare services, including Zorgportaal, HiX Mobile, and Zorgplatform, which many hospitals use for patient access and communication.
The attack matters because ChipSoft is one of the biggest electronic health record software suppliers in the Netherlands. Reports say its HiX platform is widely used across Dutch hospitals, so even a limited outage can ripple through patient portals, support desks, and hospital-to-hospital coordination.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
Right now, the clearest confirmed picture is this: Z-CERT says ChipSoft was hit on April 7, 2026, the company took key services offline as a precaution, and recovery is happening in stages with new login credentials for users. Z-CERT also says it has not seen critical care processes come to a halt so far, even though hospitals are dealing with operational disruption.
What happened and what went offline
Z-CERT’s April 9 update says ChipSoft was struck by ransomware on April 7. Since then, the Dutch healthcare cyber response team says it has stayed in constant contact with ChipSoft, healthcare institutions, and other partners to monitor the situation and support the response.
In the same update, Z-CERT says ChipSoft told customers that connections to Zorgportaal, HiX Mobile, and Zorgplatform were shut down as a precaution. The company then began restoring systems in phases and issuing new credentials to users.
This detail matters because those services sit close to the patient-facing side of hospital IT. When they go offline, the immediate impact often shows up in appointment access, portal logins, phone support, and staff workload rather than in direct interruption of frontline care. Z-CERT says that is what it is seeing so far.
Hospitals saw disruption, but not a full care shutdown
Z-CERT says the failure of parts of ChipSoft’s software has mainly created logistical challenges. It says healthcare institutions have added staff at service desks and phone lines, and have increased telephone coordination between organizations.
The agency also says no critical care processes are known to have stopped at this stage. That makes this a serious healthcare cyberattack, but not one that has yet been publicly tied to a broad shutdown of urgent medical services.
Reporting from The Record adds that ChipSoft disabled the affected connections while it restores systems in stages and reissues credentials. Separate reporting from The Register says hospitals use ChipSoft software in different ways, which helps explain why some saw more visible disruption than others.
Belgian hospitals now appear affected too
The attack no longer looks limited to the Netherlands. Belgian media and Anadolu Agency reported that several Belgian hospitals also saw patient portal disruptions tied to the ChipSoft incident. Those reports named hospitals in Antwerp, Limburg, and Roeselare among the affected organizations.
At this stage, the strongest official confirmation still comes from Z-CERT on the Dutch side. I did not find a matching Belgian national cyber advisory with the same level of detail in the sources I checked, so the Belgium impact should be treated as reported by media rather than fully detailed by an official sector-wide bulletin.
That distinction matters. The ransomware incident itself is confirmed by an official healthcare cybersecurity body, while the cross-border impact is supported by current reporting but remains less fully documented in official public notices.
ChipSoft ransomware attack at a glance
| Item | Confirmed detail |
|---|---|
| Victim | ChipSoft, Dutch healthcare software vendor |
| Attack type | Ransomware |
| Date reported to Z-CERT | April 7, 2026 |
| Services taken offline | Zorgportaal, HiX Mobile, Zorgplatform |
| Current effect described by Z-CERT | Logistical disruption, extra service-desk load, more phone coordination |
| Critical care halted? | Z-CERT says no critical care processes are known to be stopped so far |
| Recovery status | Systems being restored in phases, new credentials issued |
| Belgium impact | Reported by media, not yet matched by equally detailed public official notice in sources reviewed |
Sources: Z-CERT update and follow-up reporting.
What healthcare organizations should do now
- Follow ChipSoft’s containment and credential-reset guidance if you use its systems. Z-CERT says new access credentials are being issued as systems come back online.
- Watch for unusual traffic and suspicious activity around connected hospital systems. Reporting on Z-CERT’s guidance says healthcare institutions were urged to disconnect VPN links and monitor traffic closely.
- Prepare for operational strain even if core care systems stay up. Z-CERT says service desks and phone channels already face added pressure.
- Treat this as a supply chain-style healthcare disruption, because one vendor issue can ripple across many hospitals at once. That point is an inference from ChipSoft’s role and the multi-hospital impact described in current reporting.
FAQ
Yes. Z-CERT explicitly says ChipSoft became the victim of a ransomware attack on April 7, 2026.
Z-CERT says connections to Zorgportaal, HiX Mobile, and Zorgplatform were disabled as a precaution.
Yes, based on the latest official update. Z-CERT says the incident has created logistical challenges, but it has not seen critical care processes come to a halt so far.
Several current reports say Belgian hospitals also saw outages or patient portal disruption linked to the ChipSoft incident. However, in the sources reviewed, the most detailed official confirmation remains the Dutch Z-CERT update.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages