Dutch regulator probes ChipSoft after ransomware gang stole patient records
To this day, it remains unclear whether ChipSoft paid a ransom to the attackers.

Photo by Roland Weihrauch/picture alliance via Getty Images
- Dutch regulator launched investigation into ChipSoft after ransomware gang stole patient medical records in April breach
- ChipSoft initially downplayed theft, then confirmed attackers stole sensitive patient data including medical records
- Company claims hackers deleted stolen data but hasn't disclosed whether ransom was paid to attackers
- Investigation examines how breach occurred and security failures; highlights healthcare data vulnerability risks
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
The Dutch Authority for Digital Infrastructure (RDI) is investigating ChipSoft after hackers stole patient records, and the medical software maker claimed the data was “destroyed.”
In April, ChipSoft was attacked by a ransomware extortion group called Embargo.
Initially, the software developer claimed that it was unlikely that patients’ personal information had been stolen or accessed, but couldn’t rule it out either. A few weeks later, the company revealed that the attackers had stolen patients' personal data, including medical records.
At the end of April, ChipSoft assured that all data stolen by the hackers had been deleted.
“With the support of cybersecurity experts, we were able to prevent the data from being published. Furthermore, the stolen data has been destroyed. Our cybersecurity experts have confirmed that this destruction was carried out in a technically sound manner,” the company said in a statement.
It remains unknown whether ChipSoft paid a ransom to the attackers.
The story doesn’t end here.
The Dutch Authority for Digital Infrastructure (RDI) has launched an investigation into the incident. The regulator aims to uncover what happened, how this could have happened, and what lessons can be learned.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
“We believe that it’s important for organizations to properly secure their systems and continue to invest in their digital resilience, so that everyone can use their services with confidence. Unfortunately, incidents cannot always be prevented,” the regulator states in a press release.
“However, we do expect organizations to have their security measures in place and, in the event of an incident, will do everything possible to minimize the impact, for example, on service continuity, and to learn from the experience to improve,” the statement continues.
The RDI is also currently investigating the Odido data breach, in which attackers stole the personal data of over 6.2 million current and former customers.