ChipSoft, a Dutch manufacturer of electronic patient record software, has been targeted with ransomware.
-
ChipSoft, which provides patient record software to 70% of Dutch hospitals, was hit by a ransomware attack.
-
Hospitals are being urged to disconnect from ChipSoft's systems and monitor their networks for suspicious activity.
-
At least eleven hospitals have taken their patient portals offline as a precaution.
A spokesperson told Dutch news outlet NOS that a “data incident” occurred, which was most likely caused by “unauthorized access” by an unknown threat actor.
The healthcare provider says it is taking all necessary measures to minimize the adverse effects as much as possible. Immediately after the hack was discovered, the company made sure that the attackers were locked out of its systems.
In a confidential message addressed to healthcare institutions, Z-CERT, the computer emergency response team for the Dutch healthcare sector, confirms that ChipSoft has become the victim of a ransomware attack. The affected software includes HiX on-premise, HiX SaaS, and SaaS Patient Portal hosted via ChipSoft, Z-CERT corroborates.
Hospitals and other healthcare institutions are recommended to terminate their connection with ChipSoft and to closely monitor their internal network for suspicious activities.
As of writing, ChipSoft can’t rule out that personal data has been stolen or accessed by cybercriminals. The identity of the attackers responsible for the ransomware attack remains a mystery at this time.
Have thoughts about this topic? Others do, too. Join them in the discussion.
A large number of hospitals use ChipSoft’s software to process patient information. Approximately 70% of hospitals have integrated ChipSoft’s software into their internal network.
According to a survey of the NOS, most hospitals haven’t taken their patient portals offline. Eleven hospitals have done so, including Slingeland Hospital, the Diakonessenhuis, the Rijnstate Hospital, Franciscus Hospital, Frisius MC, and Tergooi MC.
Strong password generator
“We continue to provide uninterrupted care for our patients, and patient records remain fully accessible internally. To minimize any potential risks, we have proactively disconnected connections to other healthcare providers’ systems,” one of the affected hospitals says.
Last year, healthcare service provider Clinical Diagnostics was attacked with ransomware. Personal and sensitive information of over 485,000 participants in a cervical cancer screening program was stolen, including names, addresses, dates of birth, citizens’ service numbers (BSN), test results, and the names of the participants’ healthcare providers.
To prevent the stolen data from appearing on the dark web, Clinical Diagnostics paid a ransom. The amount that was paid was never disclosed.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked