Dutch medical software firm ChipSoft claims that all data stolen in the ransomware attack in early April has been destroyed. The company has not disclosed whether it paid a ransom to the attackers.
ChipSoft has confirmed that data stolen during a recent ransomware attack has been destroyed, stating that the process was carried out in a “technically sound manner.” However, the company has not disclosed the specific methods used for the destruction, nor has it confirmed whether a ransom was paid to the attackers. While negotiations with the threat actors had previously taken place, ChipSoft emphasized that protecting customer data remained its highest priority throughout the incident.
The cyberattack was first identified on April 7, when employees detected unusual activity within the company’s systems. Initially described as a “data incident,” the situation escalated when ChipSoft confirmed more than a week later that medical personnel data had been exfiltrated. In response, the company proactively took several of its key applications offline, including Zorgportaal, HiX Mobile, HAS Relay, and Zorgplatform, to contain the threat and prevent further exposure.
The attack has been attributed to the ransomware group Embargo, which had threatened to publish the stolen data. ChipSoft has neither confirmed nor denied whether it complied with ransom demands to prevent the release. Although authorities strongly discourage ransom payments, such actions are not illegal, leaving organizations to weigh operational and ethical considerations during crisis response.
ChipSoft, the largest provider of electronic health record (EHR) software in the Netherlands, holds a dominant position in the hospital sector, with over 70 percent market share. While its presence in general practice is comparatively smaller, it remains a significant player. According to Z-Cert, the impacted systems include HiX on-premises, HiX SaaS, and the SaaS-based patient portal hosted by ChipSoft.
Despite the severity of the breach, the company reports that recovery efforts are progressing “smoothly,” though it acknowledged that the process requires careful execution and time. Notably, healthcare institutions that manage their software independently or through third-party providers were not affected by the incident.
A forensic investigation into the attack is currently underway, with the initial point of entry still unknown. ChipSoft is working closely with Z-Cert, the Dutch Data Protection Authority, and the Centre for Cyber Security Belgium to assess the breach, strengthen defenses, and ensure compliance with regulatory requirements.
The incident highlights the growing risks facing healthcare technology providers, particularly as ransomware groups increasingly target sensitive medical data. As investigations continue, the focus remains on understanding the breach, restoring systems securely, and reinforcing safeguards to prevent future attacks.
Recommended Cyber Technology News :
- 200+ Japanese Firms Hit by Ransomware, 60% Data Loss
- dope.security Launches DOPAMINE DLP: AI-Driven Endpoint Data Loss Protection
- Online Services Company Hit by Cyberattack, Services Disrupted
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
