Dutch medical software firm ChipSoft claims that all data stolen in the ransomware attack in early April has been destroyed. The company has not disclosed whether it paid a ransom to the attackers.
The company’s cybersecurity experts confirmed the destruction in what ChipSoft calls a “technically sound manner.” The company has not specified exactly what that entails.
ChipSoft also has not disclosed whether it paid the ransom. It had already become clear that negotiations with the attackers had taken place. “Protecting our customers’ data has always been our top priority. In this exceptional situation, that priority weighed very heavily,” the company stated.
From Initial Hack to Data Confirmation
The ransomware attack was discovered on April 7 by ChipSoft employees. The company initially referred to it as a “data incident,” but confirmed more than a week later that medical personal data had been stolen. ChipSoft took its applications Zorgportaal, HiX Mobile, HAS Relay, and Zorgplatform offline as a precautionary measure.
The attack was the work of the ransomware group Embargo, which threatened to publish the stolen data. ChipSoft has neither denied nor confirmed that it paid the ransom to prevent that publication. Such a payment is strongly discouraged by police and government officials, but it is not illegal.
Recovery Is Proceeding Smoothly
ChipSoft is the largest provider of electronic health record software in the Netherlands, with a market share of over 70 percent among hospitals. The share is lower among general practices, but ChipSoft is a major player there as well. The affected software includes HiX on-premises, HiX SaaS, and the SaaS patient portal hosted via ChipSoft, according to Z-Cert.
The company reports that the recovery process is proceeding “smoothly,” but that this requires “care and time.” Healthcare institutions that manage the software in-house or have it managed by third parties were not affected.
The forensic investigation into the cause of the attack is still ongoing. How the attackers initially gained access to the systems has not yet been determined. ChipSoft is in contact with Z-Cert, the Dutch Data Protection Authority, and the Centre for Cyber Security Belgium.