A ransomware attack on Dutch healthcare IT firm ChipSoft disrupted its EHR services across hospitals in the Netherlands and Belgium, with the HiX platform taken offline and key services such as Zorgportaal, HiX Mobile and Zorgplatform disabled as a precaution. The incident, which affected hospitals including those in Roermond and Weert, prompted the Dutch CERT Z-CERT to coordinate closely with ChipSoft and affected institutions, as systems are gradually being restored and users issued new login credentials.
Belgium also reported offline patient portals at several hospitals, including Hospital aan de Stroom in Antwerp, Hospital Oost-Limburg and Delta Hospital in Roeselare, highlighting the cross-border impact of vulnerabilities in a shared healthcare IT provider. The Dutch CERT noted that while most patient care continued, there were logistical disruptions and increased demand for support staff as organisations worked to recover.
ChipSoft and Z-CERT have said they are monitoring developments and guiding rapid detection, response, and recovery to minimise the overall impact. The attack underscores why compromises of central healthcare platforms can affect numerous hospitals and patient records, billing data, and appointments. The ransomware incident occurred on 7 April 2026, with authorities continuing to assess the scope and remediation progress.