A software company that provides secure data facilities to 70% of Dutch hospitals has been hit by a ransomware attack, broadcaster NOS has reported.

A confidential memo to ChipSoft customers, obtained by NOS, advised them to cut their secure VPN connection after the company’s systems were compromised.

The memo was sent by Z-Cert, an agency that monitors digital security in the healthcare sector and issues alerts.

ChipSoft did not confirm that it had been the subject of a ransomware attack, in which hackers typically seize secure data records and threaten to publish or destroy them unless they are paid a large sum of money.

It told NOS it had been the subject of a “data incident” involving “possible unauthorised access” and did not rule out that patients’ records may have been seen or stolen.

Seven in 10 hospitals and many family doctors use ChipSoft’s software to manage their data records, including the secure portals that allow patients to communicate with them and see their records.

NOS said 11 hospitals have taken down their online portals in response to the attack, but most have not. Z-Cert has advised hospitals and other facilities to keep a close eye on their network traffic in the wake of the incident.