Ombudsman criticizes weak response to medical data breach affecting up to 850,000 women

The National Ombudsman has expressed concern over the information provided to victims of the data theft from a laboratory in Rijswijk. Ombudsman Reinier van Zutphen said he has received multiple complaints and reports in recent weeks from victims of the hack. During this cyberattack, criminals stole the data of hundreds of thousands of people, including participants in the cervical cancer screening program.

Although the victims did receive a letter from Bevolkingsonderzoek Nederland, the organization behind the population screening, the ombudsman says it is inadequate. “They feel anxious, uncertain, scared, and angry about the contents of the letter,” Van Zutphen wrote to the Ministry of Health, Welfare, and Sport.

Many victims are still left with questions, he said. Van Zutphen also pointed out that it those affected, and the greater public, still do not know the extent of the data that was stolen, and where it has been published. The victims also feel disregarded, as the letter does not include an apology, the ombudsman said.

“Especially now that Bevolkingsonderzoek Nederland itself calls the leaking of their data ‘terrible’, indicating that the situation is very serious, the victims do not believe remarks they ‘regret the inconvenience’ actually reflect the gravity of the situation,” he wrote.

Soon, all individuals whose personal data has been shared with the Rijswijk laboratory since 2017 will receive a letter, including women who had already received one previously. This is because the data breach is much larger than initially thought.

The ombudsman is asking the ministry, under whose responsibility the letter was sent, to clearly disclose which data was stolen. He also wants to know what measures the ministry is taking to “protect the victims and prevent fraud using their personal data.”