Ransomware attack on dutch medical lab exposes cancer screening data of almost 500K women
Learn More
A ransomware attack on the Dutch medical laboratory Clinical Diagnostics NMDL in Rijswijk has resulted in the theft of sensitive personal and medical data belonging to approximately 485,000 women who participated in the Netherlands' national cervical cancer screening program.
Exposed data inlcudes:
- Names and home addresses of patients and healthcare providers
- Birth dates and social security numbers (BSN)
- Detailed medical test results from cervical cancer screenings
- Self-test and clinical examination results
- Healthcare provider information and referral details
- Email addresses and telephone numbers (limited subset of victims)
- Medical advice and follow-up recommendations
- Historical test data spanning multiple years
- Patient records from various medical specialties beyond cancer screening
According to reports from RTL Nieuws, portions of the stolen data have already surfaced on dark web marketplaces, indicating that cybercriminals are actively monetizing the healthcare information through illegal channels.
The company waited over a month before notifying authorities and affected organizations about the breach, only informing Bevolkingsonderzoek Nederland (Population Screening Netherlands) on August 6, 2025, nearly five weeks after the initial attack occurred.
The delayed disclosure has raised serious questions about incident response protocols and regulatory compliance, as healthcare organizations are typically required to report data breaches within 72 hours under European data protection regulations. The attack has forced Bevolkingsonderzoek Nederland to suspend all collaboration with Clinical Diagnostics NMDL and transfer cervical cancer testing operations to alternative laboratories to ensure the continued operation of the national screening program.
Update - as of 18th of August 2025, the Nova cybercrime group who claimed responsibility for hacking Clinical Diagnostics NMDL, has issued an 11-day ultimatum demanding payment or they will release additional stolen medical data. The ransomware group claims the laboratory violated agreements, potentially by involving police in the investigation. Sources indicate that Clinical Diagnostics may have already paid a previous ransom demand.
As of 28th of August 2025, the Dutch Population Screening Organization reports that data from a total of more than 941,000 women may have been leaked during the incident. The laboratory currently confirms 715,000 cases being exposed.
