Report: Cervical cancer study data leak of 485,000 women also hit many more people

The recent cyberattack on Clinical Diagnostics, the laboratory conducting the cervical cancer screening for Population Screening Netherlands (Bevolkingsonderzoek Nederland), has exposed a much larger scope of sensitive medical data than initially reported.

While it was first confirmed that private data of 485,000 women participating in the cervical cancer screening program were stolen, further investigation by RTL Nieuws reveals that the breach also includes personal and medical information from tests on skin, urine, penis, vagina, anus, and wound fluid. A small portion of this data has reportedly already appeared on the dark web.

The leaked data includes names, home addresses, birthdates, social security numbers, detailed test results, and medical advice following examinations. The information comes from patients of hospitals such as the Leiden University Medical Center (Leids Universitair Medisch Centrum), Amphia Hospital, and Alrijne Hospital, as well as numerous general practitioners and independent clinics. The stolen data covers tests conducted from 2022 through 2025.

Among the data available on criminal sites are records of 53,516 patients who underwent tests ordered by their general practitioners. Experts estimate that this represents only a fraction of the total stolen data. The hackers reportedly claim to possess 300 gigabytes of data, although only about 100 megabytes have been publicly disclosed so far.

Elza den Hertog, chairwoman of Population Screening Netherlands, expressed her shock and concern about the breach. “We understand that the women who participated in the screening through us are naturally very shocked. We want to sincerely apologize for what has happened,” she told RTL.

Both Clinical Diagnostics and the perpetrators behind the hack have been asked by RTL for comment but have not responded.