The Cyber Express previously reported the ChipSoft cyberattack, in which ransomware actors stole patient data. Now, reports have surfaced from the Dutch medical software provider, noting that the compromised data has been destroyed, though key details about the incident remain undisclosed.  In an update issued on April 28, 2026, ChipSoft stated that all data collected during the cyberattack had been deleted. According to the company, cybersecurity specialists verified that the destruction was carried out in a “technically sound manner,” although no further explanation was provided about the methods used.  The company emphasized that preventing the publication of stolen data was a top priority. “With the support of cybersecurity experts, we managed to prevent the data from being published. Furthermore, the stolen data has been destroyed,” the statement read. However, ChipSoft has not clarified whether it paid a ransom to the attackers, despite earlier indications that negotiations had taken place.  “Protecting our customers’ data has always been our top priority. In this exceptional situation, that priority weighed very heavily,” the company added, hinting at the difficult decisions made during the ransomware attack response. 

Timeline of the ChipSoft Cyberattack 

The ChipSoft cyberattack first came to light in early April 2026. On April 12, ChipSoft disclosed that it had fallen victim to a cyberattack on its systems earlier that week. As an immediate precaution, the company disabled connections to several key services, including its Care Portal, Care Platform, and HiX Mobile applications, starting April 8.  At the time, ChipSoft confirmed it had engaged Z-CERT, the Dutch healthcare cybersecurity expertise center, and external cybersecurity professionals to conduct a forensic investigation. The company acknowledged the disruption caused to healthcare providers and patients, noting that patient portals were temporarily unavailable and data exchange via the platform had been halted. 

Data Theft Confirmed in the Netherlands 

By April 16, the investigation revealed that cybercriminals behind the ransomware attack had successfully stolen personal and medical data from several Dutch healthcare institutions. ChipSoft confirmed that affected organizations were being notified directly.  Hans Mulder, CEO of ChipSoft, addressed the breach, stating: “After forty years of dedication to reliable healthcare IT, it pains us that this situation has arisen. We cannot undo this data theft. However, we are doing everything we can to support the affected customers as best as possible in this situation.”  In contrast, a separate update on the same day confirmed that Belgian patient data had not been compromised in the cyberattack on ChipSoft systems. 

Systems Shutdown and Gradual Recovery 

The cyberattack forced ChipSoft to shut down multiple services as a preventive measure. Systems such as Zorgplatform, Zorgportaal, and HiX Mobile were temporarily taken offline, affecting daily operations in healthcare institutions.  By April 17, after extensive analysis conducted in collaboration with cybersecurity experts and Z-CERT, ChipSoft announced that the affected systems were safe to use again. A phased rollout began shortly afterward, with healthcare institutions being informed directly about the restoration process.  Further progress was reported on April 24, when ChipSoft confirmed that most healthcare institutions had regained access to Zorgplatform. Connections to Zorgportaal were also being restored, allowing many patient portals to become operational again. The HiX Mobile app became available once institutions reactivated their systems.  Despite these advancements, ChipSoft cautioned that the recovery process required time and careful handling. The company acknowledged the strain placed on healthcare providers, stating that the precautionary measures had significantly impacted daily workflows and patient care. 

The ChipSoft ransomware incident has disrupted healthcare operations across multiple institutions after the Dutch software vendor was hit by a cyberattack on April 7. The attack forced hospitals to disconnect critical systems and triggered widespread precautionary actions, highlighting the ongoing risks ransomware poses to the healthcare sector. Z-CERT confirmed it has been working closely with ChipSoft, healthcare institutions, and other stakeholders since the incident was first detected. The organization is actively monitoring the situation while providing support and threat intelligence to affected entities.

ChipSoft Ransomware Incident Forces System Shutdowns

In response to the ransomware incident, the company disabled connections to key platforms, including Zorgportaal, HiX Mobile, and the Zorgplatform, as a precaution. These systems remain temporarily unavailable as ChipSoft works to restore services in phases. Users are being issued new login credentials as part of the recovery process. ChipSoft has maintained direct communication with its customers, outlining steps to manage disruptions while systems are gradually brought back online. According to reports, 11 hospitals disconnected ChipSoft software from their networks following the attack. A confidential advisory also urged customers to cut secure VPN connections after the compromise was identified.

Hospitals Face Operational Challenges, Not Critical Disruptions

The ChipSoft ransomware incident has led to logistical challenges across healthcare institutions rather than critical failures in patient care. Hospitals have increased staffing at service desks, expanded telephony support, and relied more heavily on direct communication channels. Systems were reported unavailable at several hospitals, including Sint Jans Gasthuis, Laurentius Hospital, VieCuri Medical Center, and Flevo Hospital. Despite these disruptions, Z-CERT noted that no critical care processes have come to a standstill so far, suggesting that contingency plans and manual workflows are helping maintain essential medical services.

Investigation Ongoing, Attackers Yet to Be Identified

At this stage, the source of the ChipSoft ransomware incident remains unknown, and no ransomware group has claimed responsibility. ChipSoft’s website was also reported unreachable at the time of writing, indicating ongoing technical or security challenges. The attack appears to have originated from a compromise within ChipSoft’s environment, prompting widespread defensive actions by its customers to limit further risk.

Ripple Effects Extend Beyond Immediate Disruptions

The impact of the ransomware incident has extended beyond system outages. Leiden University Medical Center (LUMC) announced it has postponed the rollout of a new electronic patient record system supplied by ChipSoft following the breach. The hospital clarified that there are no indications that patient data has been leaked, reinforcing the current assessment that the incident has not resulted in data exposure.

Healthcare Sector Remains a Prime Target

The ChipSoft ransomware incident highlights the persistent threat facing healthcare organizations. Cybercriminals frequently target hospitals and medical software providers due to the critical nature of their services, where downtime can create pressure to restore systems quickly. A recent example includes the cyberattack on University of Hawaiʻi Cancer Center, where a ransomware incident impacted research systems and exposed sensitive personal data collected over decades. While clinical operations were not affected, the breach highlighted the long-term risks associated with storing large volumes of historical data.

Z-CERT Continues Support and Monitoring

Z-CERT continues to play a central role in managing the fallout from the ransomware incident. The organization is assisting healthcare institutions with prevention, detection, response, and recovery efforts, while also sharing updated threat intelligence. As restoration efforts progress, authorities and healthcare providers remain focused on minimizing disruption and ensuring patient care remains uninterrupted. The ransomware incident serves as another reminder of how cyberattacks on third-party vendors can cascade across critical sectors, reinforcing the need for stronger resilience in healthcare cybersecurity systems.

A massive breach exposed 337K LAPD-linked files, raising concerns over third-party risk, sensitive data exposure, and law enforcement cybersecurity gaps.

The post Massive Data Breach Exposes 337K LAPD-Linked Records appeared first on TechRepublic.

The Port of Vigo faced a cyberattack early Tuesday morning that disrupted its cargo management systems and forced authorities to shut down access to key digital services. The Port of Vigo cyberattack was detected at around 5:45 a.m., prompting an immediate response from the port’s IT team. The Port of Vigo cyberattack incident, now confirmed as a ransomware attack, affected servers linked to the Port Authority’s website, which remains offline. While the technical team was able to contain the threat, systems have been isolated from external networks as a precaution, delaying full restoration. Port president Carlos Botana said the systems will not be brought back online until all security checks are complete. He noted that the team is waiting until “everything is clear” before reconnecting services. At this stage, there is no confirmed timeline for when normal operations will resume.

Port of Vigo Cyberattack Slows Port Operations

The cyberattack on Port of Vigo has not impacted the port’s physical functioning, but it has significantly disrupted daily operations. Much of the cargo handling process depends on digital platforms for scheduling, coordination, and documentation. With systems offline, port users have been asked to switch to manual methods. Some operations, including those at the Border Inspection Post (BIP), are now being managed using paper records to keep workflows moving. This fallback has helped avoid a complete shutdown, but it is slowing processes and adding pressure on staff. The situation reflects how dependent modern port operations have become on digital infrastructure.

Ransomware Behind the Attack

Authorities have confirmed that the Port of Vigo cyberattack involved ransomware, a type of malware that blocks access to systems or data until a ransom is paid. In many cases, attackers also extract sensitive data, increasing the risk of further exposure. In this case, the focus remains on containment and recovery. A forensic investigation is currently underway to determine how the attackers gained access and whether any data has been compromised.

No Immediate Recovery Timeline

Despite progress in controlling the attack, the Port Authority has made it clear that restoring systems will take time. The IT team has not provided an estimated timeline for resuming server activity, citing the need for complete security validation before reconnecting systems. “The port's operational services and physical functioning have not been affected, but the programs will not be reopened to the public until all security checks have been completed,” Botana stated. This cautious approach is increasingly common in ransomware cases, where premature restoration can lead to reinfection or further compromise.

A Reminder of Growing Cyber Risks

The Port of Vigo cyberattack highlights the growing risk ransomware poses to critical infrastructure. Ports, in particular, rely on a mix of physical operations and digital systems, making them vulnerable to disruptions that can affect both logistics and trade flow. While operations at Vigo have not stopped entirely, the shift to manual processes shows how quickly efficiency can drop when systems go offline. The Port of Vigo cyberattack incident also points to a broader trend, cyberattacks are no longer limited to data theft. They are increasingly designed to disrupt operations, creating immediate and visible impact. As the investigation into cyberattack on Port of Vigo continues, the focus remains on restoring systems safely and understanding the scope of the breach. For now, the Port of Vigo continues to operate under constrained conditions, managing cargo traffic without the digital tools it typically depends on.