Warning sent to a million women in the Netherlands over cancer screening data hack

Nearly a million women will receive a letter from the Dutch Population Screen organization in the coming days. The woman had participated in a cervical cancer screening, and as a result, their data is stored in the systems of a lab in Rijswijk that was recently hacked.

Dutch Population Screening reported previously that hackers had stolen the data of at least 715,000 women. But it is unclear whether this is the full extent of the information that the hackers were able to obtain. The hack occurred in early July. Among other data, the hackers obtained names, gender markers, dates of birth, addresses, test results, and citizen service numbers

The systems that were hacked contain information of over 941,000 people who have participated in a screening program since 2017. Dutch Population Screening is therefore sending all of them a letter, which will be delivered between September 12 and 17.

The lab Clinical Diagnostic also analyzed biological samples for private clinics. In addition, it conducted research for the Dutch Custodial Institutions Agency. As a result, the data of more than 250 current and former inmates were compromised. It is still unknown how many organizations in total have been affected, and how many people have been impacted.

The hacker group Nova, believed to be responsible for the attack, initially demanded a ransom of 11 bitcoins (approximately €1.1 million) to prevent further publication of the stolen data. After Clinical Diagnostics paid a substantial amount, part of the data was removed from the dark web.

Bevolkingsonderzoek Nederland has temporarily suspended its collaboration with the laboratory and is investigating, together with the RIVM and the National Cyber Security Centre (NCSC), how the data breach occurred and how such incidents can be prevented in the future.