Ransomware Attack Takes ChipSoft HiX EHR Platform Offline Across Dutch and Belgian Hospitals
What Happened — On April 7 2026, Dutch healthcare‑IT vendor ChipSoft was hit by a ransomware campaign that forced its flagship HiX electronic health‑record (EHR) platform, along with related portals (Zorgportaal, HiX Mobile, Zorgplatform), offline. The outage affected multiple hospitals in the Netherlands and Belgium, prompting emergency credential resets and phased service restoration.
Why It Matters for TPRM —
- Disruption of core clinical workflows can translate into contractual penalties and reputational damage for healthcare providers.
- Ransomware on a third‑party EHR vendor demonstrates the need for continuous monitoring of vendor security posture and incident‑response readiness.
- Credential rotation and service downtime highlight gaps in vendor‑managed access controls that downstream organizations must verify.
Who Is Affected — Healthcare providers (hospitals, clinics) relying on ChipSoft’s HiX EHR system in the Netherlands and Belgium; patients whose portal access was blocked.
Recommended Actions —
- Review your contract’s service‑continuity and breach‑notification clauses with ChipSoft.
- Verify that ChipSoft has completed a forensic investigation, applied patches, and hardened its environment.
- Ensure your organization can operate with temporary manual records processes if the EHR is unavailable.
- Conduct tabletop exercises that include a ransomware scenario affecting a critical SaaS vendor.
Technical Notes — The ransomware entry vector has not been disclosed; Z‑CERT is coordinating the response. No specific CVEs were cited. Affected data types include patient portal credentials and potentially cached clinical notes, though no confirmed data exfiltration has been reported. Source: SecurityAffairs