LinkedIn Carousel - #CyberWeekly Week 16

Your M365 Now Feeds Compliance

Microsoft Graph integration auto-fills your intake. AI drafts policies from your own entity data.

ChipSoft Ransomware Hits Belgian Hospitals

Platform: Microsoft Graph Meets Compliance

Basic-Fit Breach: 1M Members' Data Exposed

NIS2 D-Day: April 18 Deadline Is Here

Easy Cyber Protection

1/4

ChipSoft ransomware knocks Belgian and Dutch hospitals offline — patient data confirmed stolen

A ransomware attack on ChipSoft, the vendor behind 80% of Dutch hospital patient record systems, forced 11 hospitals to take their systems offline and…

Who was hit: Sint Jans Gasthuis (Weert), Laurentius Hospital (Roermond), VieCuri Hospital (Venlo), Flevo Hospital (Almere), Rotterdam Eye Hospital, and family doctors and rehab clinics using the cloud-hosted HiX 365 platform. In Belgium: Hospital aan de Stroom, Hospital Oost-Limburg, and Hospital Delta all lost access to patient portals
What was stolen: ChipSoft confirmed patient data was exfiltrated. The Dutch Parliament has opened a probe. No ransomware group has claimed responsibility yet
The supply chain lesson: one vendor breach took out hospital systems across two countries. Over 60% of Belgian citizens access medical records through digital portals that rely on third-party software like ChipSoft

BleepingComputer: full timeline → https://www.bleepingcomputer.com/news/security/healthcare-it-solutions-provider-chipsoft-hit-by-ransomware-attack/

2/4

Platform Spotlight: Microsoft Graph meets compliance — your M365 data now auto-fills intake forms

This week we shipped Microsoft Graph integration: connect your Microsoft 365 account and your compliance intake forms auto-fill with real data from your tenant.

Graph auto-fill: connect M365 once and your organisation name, domain, user list, and device inventory flow directly into compliance intake fields. No more copy-pasting between admin portals and compliance documents
Entity-group placeholders: policies and procedures now reference your actual entity groups — servers, workstations, mobile devices, user roles — with an autocomplete picker. When your inventory changes, documents stay current
Composable document pipeline: AI drafts each policy section using your real entity data as context. The result reads like it was written for your organisation, because it was

Try it now → https://easycyberprotection.com/app

3/4

Basic-Fit breach exposes bank details of 1 million gym members across six countries — Belgium included

European gym giant Basic-Fit disclosed a data breach on April 13 affecting up to 1 million members across Belgium, the Netherlands, France, Germany, Luxembourg, and Spain.

Scale: 1 million of Basic-Fit's 5 million European members were affected. In the Netherlands alone, 200,000 individuals were impacted. Belgian members were explicitly listed among those notified
What was exposed: full names, home addresses, email addresses, phone numbers, dates of birth, bank account numbers, and membership details. Passwords and ID documents were not accessed
How it was caught: system monitoring detected the unauthorised access and stopped it "within minutes." An external investigation confirmed some data had been downloaded before containment
What to watch for: with bank details and personal information in hand, targeted phishing and direct debit fraud are the immediate risks. Basic-Fit warned members to watch for suspicious emails

BleepingComputer: Basic-Fit breach details → https://www.bleepingcomputer.com/news/security/european-gym-giant-basic-fit-data-breach-affects-1-million-members/

4/4

NIS2 D-Day: the April 18 self-assessment deadline is here — what happens if you miss it

Tomorrow is April 18, 2026 — the binding deadline for Belgian essential entities to submit their CyFun self-assessment or ISO 27001 documentation to the CCB.

Three submission paths: (1) CyFun Basic or Important verification from an accredited CAB, (2) ISO 27001 certification scope and Statement of Applicability, or (3) self-assessment documentation with a formal inspection request
What happens after: the CCB will begin ex-ante supervision — reviewing submissions and following up with entities that submitted incomplete documentation or missed the deadline entirely
Penalties: up to 10 million euro or 2% of global turnover, plus personal director liability. The CCB can also impose additional supervisory measures on non-compliant entities
If you are not ready: submitting an incomplete self-assessment with a credible remediation timeline is better than submitting nothing. The CCB has indicated that demonstrating active progress matters

CCB: official deadline guidance → https://ccb.belgium.be/news/nis2-18-april-2026-deadline-what-essential-entities-must-have-place