What was first thought to be a targeted cyberattack on the Dutch cervical cancer screening program has turned out to be far worse — and far broader.
According to an investigation by RTL Nieuws, data from patients who underwent skin, urine, and penis examinations were also stolen.
What does this mean? A large number of people who received medical tests in the Netherlands have had their data stolen. Let’s look at what is known so far. 👇
Half a million cervical screening patients
When the breach first came to light, it was thought to involve no less than 485,000 patients who had taken part in the cervical cancer screening program, either through a Pap smear or a self-test.
The data was leaked after one of the testing labs, Clinical Diagnostics in Rijswijk, was hacked.
NOS reports that the stolen data included the patients’ names, addresses, healthcare provider information, GP referrals, and research data going back to 2016.
Those affected will receive a letter in the coming weeks and be warned about possible targeted phishing attempts. The laboratory has since had its collaboration with the program suspended.
More hospitals and tests involved
However, RTL Nieuws’ investigation reveals that the breach at Clinical Diagnostics also includes results and advice from tests on urine, skin, vagina, penis, anus, and wound fluid.
The stolen records belong to patients whose samples were sent to the laboratory by healthcare providers and independent clinics.
Affected institutions include Leiden University Medical Center, Amphia Hospital, Alrijne Hospital, and numerous GP practices.
Data already on the dark web
A portion of the stolen data has already surfaced on the dark web.
RTL Nieuws confirmed that 53,516 people are named in the files currently online, while the hackers claim to have stolen 300 gigabytes of data.
Only 100 megabytes have been published so far, but the leaked material covers the years 2022 to 2025, meaning many recent tests are included.
Do you think Dutch authorities are doing enough to protect sensitive medical data, or should stronger measures be put in place? Share your thoughts with us. 💬
Nothing will happen, because we know that the government does not govern in the name of the people, but in the name of those who finance elections, including health care providers and insurance companies.
Does anyone know if this also involves HMC Westeinde? I had tests taken there back in 2017 after I suffered an allergic reaction to food. I presume they’d have been sent for processing too.
According to the article the data are from 2022 to now. If that is true, your data aren’t included in the hack. However, being extra careful for all kinds of phishing is always good. See https://business.gov.nl/running-your-business/security-and-fraud/phishing/ .
I’ve always been concerned why the Dutch government needs your home address and not just a postal address to send correspondence. Many women are now put at risk with their home address exposed. Surely we should be compensated for this stress caused.