Dutch Minister and parliamentarian's details in laboratory leak

A massive leak of laboratory data included the private information of a Minister in the current Dutch Cabinet and a sitting parliamentarian, RTL Nieuws discovered. The politicians’ names, home addresses, citizen service numbers (BSNs), and medical tests were published on the dark web.

The data is from the hack at the Clinical Diagnostics laboratory, a lab used for all kinds of medical tests, as well as the population screening for cervical cancer. In the Netherlands, the data breach affects 485,000 women who participated in the cervical cancer screening, as well as around 50,000 patients sent for tests by their house doctor.

An investigation by RTL Nieuws showed that two Dutch politicians are among those affected. The cybercriminals published the results of the Minister’s skin examination in 2023. They also published the details about a uterine examination of the parliamentarian, also done in 2023. The leak also contained information about their general practitioner and health insurance. RTL informed the two politicians.

The data breach also includes the names of inmates in Dutch prisons and TBS clinics, closed institutions for people sentenced to treatment. Several penitentiary institutions and their prisoners are listed in the leak, including institutions in Utrecht, Zwolle, Leeuwarden, and Alphen aan den Rijn.

The Dutch Custodial Institutions Agency (DJI) confirmed to the broadcaster that the leak affects 253 current and former prisoners. “These people received medical care during their detention. The DJI deeply regrets the situation and considers it important to inform the affected individuals first; they will receive a letter this week.” The DJI suspended collaboration with the lab until the investigation into the data breach is completed.

Clinical Diagnostics was hacked over a month ago. The stolen data appeared on the dark web on July 6. The cybercriminal group Nova claimed the hack. According to RTL, Nova is a relatively new group known for ransomware attacks targeting companies and organizations.