Hackers stole data from more than 485,000 participants in a cervical cancer screening program after gaining access to IT systems at Clinical Diagnostics.
According to the Centre for Population Screening, which conducts these studies on behalf of the National Institute for Public Health and the Environment (RIVM), the hackers accessed participants' personal data in the cervical cancer screening program between July 3rd and July 6th, 2025.
Personal details of 485,000 participants, including names, addresses, dates of birth, citizens’ service numbers (BSN), test results, and the names of the participants’ healthcare providers, have possibly been exfiltrated.
Elza den Hertog, Chair of the Board of Directors, finds what has happened appalling.
“We are extremely shocked by this data breach, and we understand that women who participated in the screening program through us are naturally also very shocked. I would like to say to them that we are extremely sorry that this has happened,” she says in a public statement regarding the incident.
“Participating in cervical cancer screening is already a stressful experience for many women. And now they are being told that their personal data may also have been leaked. We deeply regret that this has gone so wrong at one of the laboratories we work with,” Den Hertog continues.
The Centre for Population Screening has temporarily suspended services from Clinical Diagnostics. An independent investigation has been launched into how this could have happened and how such incidents can be prevented in the future. In addition, a report has been filed with the Dutch data protection authority and the Health and Youth Care Inspectorate.
Affected participants will receive a letter from the Centre for Population Screening in the coming weeks. Due to the incident's impact, the health institution has chosen to communicate this to the media.
The Centre for Population Screening recommends being alert to fraud and scam attempts. “The hack involved the email addresses and phone numbers of a limited group of participants. Nevertheless, it’s important for all those involved, who are informed by letter, to remain vigilant for any potential misuse of personal data,” the Centre concludes.
According to RTL Nieuws, the data breach is bigger than we are led to believe. Allegedly, data from skin, urine, vagina, penis, and anus examinations have also been stolen. The Dutch news outlet claims that the attackers, a group of cybercriminals known as Nova, have stolen over 300 gigabytes of data, of which 100 megabytes have been published on the dark web.
Z-CERT, the Computer Emergency Response Team for the healthcare sector in the Netherlands, confirms that the data breach extends beyond the Centre for Population Screening. Other healthcare institutions, including general practitioners, have been affected by the incident.
At the moment, Z-CERT can’t say anything about the scope of the incident.
“For a complete picture of the impact, transparency from suppliers is important. Without additional information, we cannot deepen our investigation, determine which institutions are at risk, and inform them in a timely manner. And just as importantly, potential victims are unaware that they are involved in a data breach,” Z-CERT Director Wim Hafkamp said in a statement.
Your email address will not be published. Required fields are markedmarked