Criminals steal personal, medical data of 485,000 women from cervical cancer lab

Internet criminals have stolen private data of 485,000 women from a laboratory conducting research for Population Screening Netherlands (Bevolkingsonderzoek Nederland), the national organization responsible for population screening in the Netherlands.

The affected women participated in the cervical cancer screening program, either through a smear test at their general practitioner or via a self-test. Participants in other screening programs have not been impacted, Population Screening Netherlands confirmed in a press release.

The full extent of the data breach remains unclear. It is confirmed that research data were accessed, but whether this applies to all affected women is still under investigation. Names and addresses of participants, names of healthcare providers, and referrals from general practitioners were also viewed. Some data were stolen, though it is unknown if all information was taken.

A spokesperson for Population Screening Netherlands said, “It likely concerns research data from multiple years.” An independent investigation will clarify the exact circumstances of the breach.

Affected women will receive letters in the coming weeks with further information. They are warned to be alert for potential misuse of their personal data, including highly targeted phishing emails.

The breach was uncovered following an investigation by the affected laboratory, Clinical Diagnostics in Rijswijk. The company confirmed it was hacked but declined to answer detailed questions. It remains unknown if other clients of the laboratory were also impacted by the cyberattack.

In response, collaboration with Clinical Diagnostics has been temporarily suspended, and all ongoing research is now conducted elsewhere. The government agency responsible for the screening, operating under the RIVM, reassured current participants that their data are safe. Although hackers were able to access research data, they could not alter it, the organization stated in a press release. Therefore, participants will not need to repeat their tests.

The Netherlands Comprehensive Cancer Organization (Integraal Kankercentrum Nederland, IKNL) called the breach “worrying” because it could affect participation in screening programs. “People must be able to take part in such screenings with full trust and without any doubts about the research,” a spokesperson said.

The organization stressed that cervical cancer screening plays a vital role in early cancer detection and that people must trust their information will be handled carefully. Whether the breach will cause more people to avoid screenings is unclear, the spokesperson added, “but it could be an extra reason for some not to come.”