Luscii - HiX integration disabled due to security incident at ChipSoft – Incident details

Update: We have just received notice from ChipSoft that they are taking the entire ZorgPlatform offline. This means the HiX integration with Luscii is once again unavailable. Unfortunately, we do not have further details at this time. We are closely monitoring our own systems and will provide an update as soon as we know more.

Update: Good news: the HiX integration is back online. The integration between Luscii and HiX runs via ZorgPlatform. We have received confirmation from ChipSoft that ZorgPlatform has not been compromised and have decided to reactivate the integration.

As shared earlier, there are a few points of attention following the reactivation:

• Patients registered via the web version will need to be manually linked to HiX. Alerts created before the linking will not be forwarded retroactively. Only alerts created after the link has been established will appear on the orderlist.

• Alerts for already connected patients that were processed in the web version during the downtime may still appear as open in HiX and will not be automatically updated. -

• Measurements (such as blood pressure) taken during the downtime will not be synced to HiX retroactively.

Steps to connect a patient in HiX:

1. Open HiX

2. Open the patient profile

3. Go to 'Externe activiteitendefinities'

4. Start a new 'Externe activiteitendefinitie' for the care path the patient needs

5. A new window will open: if the patient already exists, connect the patient to the existing account. Matching is based on last name, date of birth, and email.

For any questions, please reach out to support@luscii.com or support@luscii.co.uk. Thank you for your patience.

Update: Before re-enabling the HiX integration, we are awaiting a response from ChipSoft. At this point, we do not have sufficient insight into the situation on their end to responsibly bring the integration back online. Additionally, we will only restore the connection with new security certificates once we have received these from ChipSoft. These are the digital keys that secure the connection between Luscii and HiX. We would rather take extra time than take unnecessary risks with patient data. We will share a new update as soon as we know more.

HiX is an electronic health record system used by many Dutch healthcare organisations. If your organisation does not use HiX, you can safely ignore this notification.

Update: An overview of the impact while the HiX integration is disabled:

• Patients registered via the web version will need to be manually linked to HiX once the integration is restored. Alerts created before the linking will not be forwarded retroactively. Only alerts created after the link has been established will appear on the orderlist.

• Alerts for already connected patients are currently not being forwarded to the orderlist. Because the integration is disabled, alerts are not being queued. Alerts that have already been processed in the web version may still appear as open in HiX and will not be automatically updated after the integration is re-enabled.

• Measurements (such as blood pressure) are not being synced to HiX. No backlog will be processed after reactivation either.

Luscii itself is functioning normally. Only the data transfer to HiX is temporarily interrupted. We understand that this is really inconvenient, but we do not want to take any unnecessary risks when it comes to data protection. We will provide an update as soon as there is more clarity on when the integration can be safely re-enabled.