Nederlands
English
Français
Deutsch
Español
Português941,000 Dutch women notified about data breach in cervical cancer screening program after ransomware attack on Clinical Diagnostics laboratory in August 2025.
Massive Data Breach in Dutch Cervical Cancer Screening Program
Dutch health authorities are sending notification letters to 941,000 women whose personal data may have been compromised in a major cybersecurity breach at Clinical Diagnostics laboratory in Rijswijk. The breach, which occurred in August 2025, represents one of the largest healthcare data incidents in Netherlands history.
Four Different Notification Categories
The Population Screening Netherlands organization has developed four distinct letter variants based on the level of risk exposure. "We understand this is concerning news for many women, and we're providing clear information about what data was potentially accessed and what steps they should take," stated a spokesperson for the screening program.
Approximately 216,000 women will receive notifications confirming their data was accessible to hackers, while 282,000 will be informed that data theft cannot be ruled out. A smaller group of 38,000 women, whose older test results from before 2017 were involved, will receive delayed notifications due to address validation issues.
Ransomware Group Behind the Attack
The Nova ransomware group claimed responsibility for the attack on Clinical Diagnostics, which processes cervical cancer screening tests for the national program. The hackers initially published some data on the dark web but later claimed to have deleted the information, though authorities cannot verify this assertion.
The breach affects data from 850,000 individuals total, with 700,000 coming from the national screening program and the remainder from general practitioner records and treatment centers. According to the Dutch population screening website, the stolen information includes medical test results and personal identification data.
Security Measures and Recommendations
Authorities emphasize that email addresses and phone numbers were not compromised, reducing the risk of phishing attacks. However, women are advised to remain vigilant about potential identity theft and monitor their financial accounts. The Dutch Data Protection Authority has launched a criminal investigation into the incident.
The cervical cancer screening program, which tests women aged 30-60 every five years, plays a crucial role in early detection and prevention. Despite this breach, health officials stress the importance of continued participation in screening programs.
