The Dutch Parliament is demanding answers from Health Minister Hermans following a significant ransomware attack on ChipSoft, a leading provider of Electronic Patient Dossier (EPD) software. The cyberattack prompted several hospitals to take their patient portals offline. The incident has led to at least 23 data leak notifications to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
Impact of the ChipSoft Ransomware Attack
The ransomware assault disrupted operations for numerous Dutch hospitals, many of which rely on ChipSoft’s EPD systems, estimated to hold a 70% market share in the Netherlands. Following the attack, ChipSoft disconnected various platforms and is actively working to restore services using “new keys.” The immediate impact included patient portals being taken offline, as reported by Security.NL. The authority received 23 data leak reports, according to Skipr and also noting that the number is expected to rise.
Parliamentary Concerns Over Healthcare IT Dependency
D66 Members of Parliament Vervuurt and El Boujdaini have formally questioned Minister Hermans, seeking clarification on the attack’s consequences for healthcare continuity and any indications of patient data theft. Their queries extend to the strong reliance on a limited number of commercial IT suppliers for critical healthcare systems. They also challenge the adequacy of current cybersecurity, resilience, and continuity requirements for these suppliers, considering their pivotal role in the national healthcare system.
The MPs further pressed the minister on the need for additional requirements for critical healthcare IT providers. These could include mandates for improved redundancy, interoperability, or robust exit strategies to reduce institutional vulnerability during outages or incidents. This aligns with broader concerns about cyberattacks targeting medical technology companies and the need for comprehensive incident response planning. The government has three weeks to respond to these parliamentary questions.
Public and Expert Commentary
The incident has sparked public debate, with commentators highlighting the dangers of vendor lock-in and the need for open standards in healthcare IT. Critics argue that current political approaches fail to adequately protect citizens from the consequences of such breaches, advocating for greater choice and analog alternatives where digital trust is compromised. Effective incident response playbooks are crucial in navigating and recovering from such complex cyber incidents.
