Named institutions hit
14+
confirmed publicly
Est. patients at risk
~218k
named institutions only
% of NL population
~1%
named confirmed only
AP notifications
66+
actual scope likely higher
Awaiting communication
1
BovenIJ Ziekenhuis
Confirmed clear
20
not affected
✔ ChipSoft update — 17 Apr 2026
On 17 April, ChipSoft announced that all disabled systems — Zorgportaal, Zorgplatform and HiX Mobile — have been cleared for reactivation. In coordination with external cybersecurity experts and Z-CERT, the systems were thoroughly analysed and found safe to restore. Institutions are being informed individually about the rollout. An update on HiX Mobile will follow at a later stage. See also: Z-CERT statement 17 April.
Breach impact map — precise GP locations + institution blast radii
Hospital / specialist
GP practice (named)
Awaiting communication
Not affected
Radius ∝ √population
Institution status
Estimated patient exposure — confirmed affected institutions
| Institution | Type | Location | Est. patients | % of NL | Basis |
|---|---|---|---|---|---|
| Oogziekenhuis Rotterdam | Specialist | Rotterdam | 60,000 | 0.335% | Confirmed — NOS / Volkskrant |
| Rijndam Revalidatie | Revalidatie | Rotterdam | 25,000 | 0.140% | Confirmed |
| Heliomare | Revalidatie | Wijk aan Zee | 20,000 | 0.112% | Confirmed: possibly affected |
| MKA Kennemer & Meer | Specialist | Haarlem | 15,000 | 0.084% | Patient letter sent |
| De Waag & Van der Hoeven Kliniek | Forensic psychiatry | Utrecht | 6,000 | 0.034% | ~6,000 clients confirmed |
| Huisartsenpraktijk Heikant | GP practice | Veldhoven | 5,875 | 0.033% | ~2.5 FTE — health centre |
| Huisartsenpraktijk De 1e Lijn | GP practice | Den Hoorn | 5,875 | 0.033% | ~2.5 FTE — 3 GPs on website |
| Medisch Kwartier Eindhoven | GP practice | Eindhoven | 4,700 | 0.026% | ~2 FTE — urban multi-GP |
| Huisarts Boschdijk | GP practice | Eindhoven | 4,700 | 0.026% | ~2 FTE — urban, 71 reviews |
| Mercuur Huisartsenpraktijk | GP practice | Eindhoven | 4,700 | 0.026% | ~2 FTE — urban health centre |
| Huisartsenpraktijk Van de Kerkhof | GP practice | Deurne | 2,350 | 0.013% | ~1 FTE — solo GP |
| Praktijk Hartendorp | GP practice | Schoorl | 2,350 | 0.013% | ~1 FTE — village, solo GP |
| Huisartsenpraktijk Terra Medici | GP practice | Maarheeze | 2,350 | 0.013% | ~1 FTE — village practice |
| Basalt (revalidatie) | Revalidatie | Den Haag / Zuid-Holland | 30,000 | 0.168% | 13 locations Zuid-Holland — ANP/Volkskrant |
| Fonkelzorg | GP organisation | Den Bosch / Noord-Brabant | 12,000 | 0.067% | Email to patients confirmed — Omroep Brabant / DTV Nieuws |
| Medisch Centrum Soerendonk | GP practice | Soerendonk | 2,350 | 0.013% | ~1 FTE — patient letter 17 Apr, signed Klinkers & Govaert |
| Adelante (revalidatie) | Revalidatie | Hoensbroek / Valkenburg | 15,000 | 0.084% | Own statement 16 Apr: possibly accessed — investigating (adelantegroep.nl) |
| Total — named confirmed institutions | 218,250 | 1.22% | |||
| GP estimates use NZa cap of ~2,350 per FTE. FTE derived from opening hours, Google review volume, practice format and location. De 1e Lijn: 3 GPs named on website. Hospital/specialist figures are catchment estimates (NVZ, CBS). Does not include the 66+ additional institutions that filed AP notifications without public disclosure — actual scope is likely significantly higher. | |||||
Highly sensitive data — TBS & forensic psychiatric patients
De Forensische Zorgspecialisten (De Waag & Van der Hoeven Kliniek) confirmed data from approximately ~6,000 forensic psychiatric clients was stolen — including patients under court-ordered psychiatric detention (TBS). The organisation is notifying clients individually and organising information sessions at the clinics.
GP location methodology
Named GP practices are plotted at their exact geocoded address, with a blast radius based on the Dutch average of ~2,300 registered patients per practice.
Information sources
ChipSoft has published information about this incident at informatie.chipsoft.com. Additional data on this page is drawn from OSINT sources: individual institution websites, public AP filings, and reporting by NOS, Volkskrant, LHV, and Skipr. Where sources differ, both are noted. Readers are encouraged to consult primary sources directly.
Sources & status
Status based on institution websites, NOS, Volkskrant, ANP, LHV, L1 Nieuws, and Skipr as of 20 Apr 2026. GP addresses geocoded via Google Places. BovenIJ remains silent with portal offline. Forensic investigation by ChipSoft and Z-CERT ongoing. Independent awareness project — not an official communication.
Disclaimer — 20 Apr 2026
This page aggregates publicly available information from institution websites, official press releases, and media reporting. It does not make claims beyond what sources state. Named GP practices are plotted at geocoded addresses with a ~2,300 patient radius (Dutch average). GP practices are plotted only where a breach is confirmed or suspected. Population figures are estimates. This is an independent public-awareness project — not affiliated with ChipSoft, Z-CERT, or any healthcare institution. For official information, consult informatie.chipsoft.com and your own healthcare provider.
Sources
Official
ChipSoft informatiepagina ransomware-incident
informatie.chipsoft.com
ChipSoft FAQ — veelgestelde vragen
informatie.chipsoft.com/…/veelgestelde-vragen
De Forensische Zorgspecialisten — care continues after data incident
dfzs.nl
Media
NOS — Patient data confirmed stolen in ChipSoft hack
nos.nl/artikel/2610742
NOS — Hospital data leak cannot be ruled out
nos.nl/artikel/2610491
NOS — Healthcare organisations report patient data theft
nos.nl/artikel/2610854
NOS — GP practices affected, no consequences for hospitals
nos.nl/artikel/2609591
LHV — Cyber incident at ChipSoft: what we know now
lhv.nl
L1 Nieuws — Noord-Limburg GP practices not affected (Cohesie)
l1nieuws.nl
Skipr — Ransomware attack hits EPR supplier ChipSoft
skipr.nl
Basalt revalidatie — information about ChipSoft hack
basaltrevalidatie.nl
AD Rotterdam — Rijndam warns patients: data possibly stolen in ChipSoft hack
ad.nl
Adelante — data breach at ChipSoft affects part of patient data
adelantegroep.nl
DTV Nieuws — Fonkelzorg patient data stolen in ChipSoft hack
dtvnieuws.nl
Omroep Brabant — Fonkelzorg and Heikant warn patients
omroepbrabant.nl
Tweakers — ChipSoft admits patient data was stolen in hack
tweakers.net
NRC — Hackers force ChipSoft into slightly more openness
nrc.nl
Institution statements
Huisartsenpraktijken De Dommel (Sint-Oedenrode) — cyber attack notice
huisartsenpraktijkneulstraat.uwartsonline.nl
Mercuur Huisartsenpraktijk — patient portal problems
mercuur.praktijkinfo.nl
Medisch Kwartier Eindhoven — data stolen
medischkwartiereindhoven.nl
Huisartsenpraktijk Terra Medici — Maarheeze
terramedici.praktijkinfo.nl
Huisartsenpraktijk De 1e Lijn (Den Hoorn) — data most likely stolen
de-1elijn.nl
Huisarts Boschdijk Eindhoven — portal problems / data breach
mcboschdijk.nl
Huisartsenpraktijk Van de Kerkhof (Deurne)
hadeurne.nl
Medisch Centrum Soerendonk — patient letter data confirmed stolen (PDF)
medischcentrumsoerendonk.uwartsonline.nl
Praktijk Hartendorp (Schoorl) — patient letter data incident (PDF)
huisartsenpraktijkhartendorp.nl
Huisartsenpraktijk Van de Kerkhof (Deurne) — patient letter data confirmed stolen (PDF)
hadeurne.nl
Medisch Centrum Soerendonk — patient letter data confirmed stolen (PDF)
medischcentrumsoerendonk.uwartsonline.nl
MKA Kennemer & Meer — patient letter cyber attack ChipSoft (PDF)
mkakennemerenmeer.nl
Bernhoven Ziekenhuis — data incident at ChipSoft
bernhoven.nl
Slingeland Ziekenhuis — not affected by ChipSoft ransomware
slingeland.nl
Jeroen Bosch Ziekenhuis — no indications of data leak
jeroenboschziekenhuis.nl
Erasmus MC — cyber incident at ChipSoft supplier
erasmusmc.nl
SJG Weert — cyber incident at ChipSoft, care continues
sjgweert.nl
Sint Maartenskliniek — data incident at ChipSoft: latest developments
maartenskliniek.nl
LUMC — data incident ChipSoft: confirmed not affected
lumc.nl
Haaglanden MC — ChipSoft data incident: consequences for HMC
haaglandenmc.nl
Wilhelmina Ziekenhuis Assen — cyber incident at ChipSoft
wza.nl
Laurentius Ziekenhuis — no patient data stolen at Laurentius
laurentiusziekenhuisroermond.nl
VieCuri Medisch Centrum — patient data safe, EPD functioning normally
viecuri.nl
Omroep Zeeland — ADRZ and ZorgSaam not affected by data breach
omroepzeeland.nl
ADRZ — update patient portal, no data leaked
adrz.nl
Maastro (radiotherapie) — own statement: no indications of patient data impact
maastro.nl