Dutch Healthcare Lab Breached: 850,000 Women's Medical Records Stolen After Security Failures

In August 2025, a Dutch research agency called Bevolkingsonderzoek Nederland announced that hackers stole medical data from half a million women who had cervical cancer screenings. The total number affected is now known to be 850,000 women. The Dutch data protection watchdog found that the lab had failed to follow basic data security rules before the attack happened. The lab paid a ransom to the Nova ransomware gang, but the criminals then apparently demanded additional money after the lab contacted police.

This breach primarily affects women in the Netherlands who received cervical cancer screenings through this lab. Their personal medical information was stolen by criminals.

While this specific incident happened in the Netherlands, it offers important lessons for everyone about healthcare data security. The situation got worse because even after paying the ransom, the criminals were not satisfied and may have demanded more money.

If you are one of the affected women in the Netherlands, contact Bevolkingsonderzoek Nederland directly for specific guidance about your records. If you live elsewhere but receive regular health screenings, ask your healthcare provider what security measures they have in place to protect your medical information. Request information about whether your data is encrypted and how it is stored. Be extremely cautious about any emails or phone calls asking for medical information or insurance details, as criminals may use stolen data to commit fraud. This incident demonstrates why you should never assume that healthcare providers automatically follow good security practices. Before sharing medical information with any lab or provider, ask about their data security policies. Keep your own records of medical tests and results when possible. Monitor your medical and insurance statements for any services you did not receive, which could indicate identity theft.

Remember that paying ransom to criminals rarely ends well, as this case clearly shows. The best protection is preventing breaches through proper security before attacks happen.