Affected ChipSoft software not in use at the Princess Máxima Center

On Thursday, April 16, ChipSoft, a supplier of hospital software, confirmed via its information page on the ransomware incident that patient data was stolen during the attack. We understand that this may raise questions or concerns. However, the software that was affected is not in use at the Princess Máxima Center. The patient portal of the Máxima Center is hosted within the secure environment of UMC Utrecht, and patient data is not shared with ChipSoft. ChipSoft has stated that all institutions that manage ChipSoft software themselves or have it managed by third parties have not been affected. This applies to the Máxima Center.

When UMC Utrecht and the Máxima Center became aware of the first signs of issues at ChipSoft on April 7, the direct link with ChipSoft was disconnected and all forms of access were blocked to ensure the security of our systems.

These actions are in line with the advice of Z-Cert, the expertise center for cybersecurity in healthcare. We are in close contact with Z-Cert and fellow hospitals for the further handling of this incident.

What are the current consequences?

• The patient record remains available to our Care workers.

• It is temporarily not possible to exchange medical documents digitally with other hospitals.

• We are currently unable to view documents from other hospitals.

• This may mean that our Care workers sometimes need extra time to obtain medical information. When necessary, this is done by phone or through secure email, always with prior consent.

We will continue to provide care and we are doing everything we can to limit any inconvenience to a minimum. We are closely monitoring the situation.