Nearly 500,000 women who took part in mass cervical cancer screenings in the Netherlands have had their personal data compromised following a cyberattack at a major diagnostic laboratory.
Bevolkingsonderzoek Nederland, the national population screening organization, confirmed that hackers infiltrated the systems of Clinical Diagnostics NMDL in Rijswijk during the first week of July, gaining access to the names, addresses, and referral details of around 485,000 women. Data belonging to health professionals was also exposed.
Data Protection and DPDP Act Readiness: Hundreds of Senior Leaders Sign Up for CDPO Program
The breach also includes sensitive medical information, such as the results of self-administered tests and screenings conducted at general practitioners’ offices, and some records dating back several years. A spokesperson for Bevolkingsonderzoek Nederland stated that further investigation will have to show what exactly happened and which data were stolen.
Sensitive Health Data at Risk
Authorities have begun notifying the affected women through letters, urging them to remain vigilant against potential exploitation of the stolen information. Concerns are high about the risk of targeted phishing campaigns or identity fraud stemming from the breach. While the attackers reportedly could view the data, they were unable to modify any records. Still, the compromise of private health details has raised alarms about cybersecurity safeguards in the healthcare sector, which has increasingly become a target for criminal hacking groups.
Bevolkingsonderzoek Nederland has suspended its collaboration with Clinical Diagnostics NMDL to contain the incident and prevent further data leaks. Cybersecurity experts are working alongside investigators to determine the scale of the compromise and identify the perpetrators.
Clinic Silent as Probe Continues
Clinical Diagnostics NMDL, the laboratory at the center of the breach, has declined to comment on the matter. The Dutch Data Protection Authority is expected to launch its own inquiry into whether data protection regulations were breached and if additional legal measures are necessary.
The incident adds to a growing list of cyberattacks on medical institutions across Europe in recent years, with hackers seeking to exploit sensitive personal and health data for ransom or sale on illicit online markets.