Hackers give lab deadline to pay around €1.1 million to prevent medical data leak

A cybercrime group that stole medical data from a laboratory in Rijswijk is demanding nearly 1.1 million euros from the company to prevent the stolen information from being made public, NOS reported. A countdown clock on the dark web reportedly gives Clinical Diagnostics until the night of August 28–29 to pay the ransom and stop the data from going public.

The hackers, operating under the name Nova, specifically requested 11 bitcoins, roughly 1.1 million euros. Nova claimed another buyer is also interested in purchasing the stolen data.

The group also accused Clinical Diagnostics of breaching prior agreements, though it did not specify which agreements. The alleged violation may involve the company alerting the police after the data breach.

Clinical Diagnostics previously paid a ransom to Nova, the hackers confirmed to RTL, though the amount was not disclosed.

The attack affected 485,000 women who participated in the national cervical cancer screening. Stolen information includes names, addresses, birth dates, citizen registration numbers (BSNs), and potentially test results. These women either visited their general practitioners for a Pap smear or completed a home self-test.

Data from more than 50,000 additional patients has allegedly already been published on the dark web. This dataset includes records from other medical examinations, such as tests of the vagina, penis, urine, skin tissue, and wound fluid.

The group claims to have taken 300 gigabytes of data in total. Files published online so far totaled 85 MB, approximately 0.03 percent of the entire dataset.