It’s possible that hackers did steal personal information of patients during a recent ransomware attack on ChipSoft after all.

Attackers were likely able to intercept data traffic passing through ChipSoft’s servers. According to an insider, there’s no indication that this actually happened, but it cannot be ruled out either.

According to Dutch news outlet NOS, at least a dozen hospitals in the Netherlands have been advised to file a report with the Dutch data protection authority due to the risk of a potential data breach.

The privacy regulator confirms it has received reports from numerous hospitals, but declines to disclose how many or which hospitals.

Last week, ChipSoft, a manufacturer of electronic patient record software, was targeted by hackers. As soon as the hack was discovered, the company ensured the attackers were locked out of its systems.

According to Z-CERT, the computer emergency response team for the Dutch healthcare sector, the company had become the victim of a ransomware attack. The agency confirmed that the affected software included HiX on-premise, HiX SaaS, and SaaS Patient Portal hosted via ChipSoft.

Approximately 70% of Dutch hospitals have integrated ChipSoft’s software into their internal network.

Most patient portals provided by ChipSoft are still offline. As a result, patients from the affected hospitals cannot view their records or check in at the hospital, leading to longer lines.

It’s unclear why there are now sudden concerns of a data breach. Last week, sources said that the impact on hospitals appeared to be “limited.”

The sources did say at the time that patient data may have been stolen from a relatively small number of general practices and pharmacies.

---

Unlock more exclusive Cybernews content on YouTube.