3 months Ago
The attack, initially thought to affect 485,000 women on the national cervical cancer screening program, has been found to include personal details and medical records spanning from a variety of diagnostic tests.
Data With Different Medical Test Results
The breach gives details of intimate results from tests for skin, urine, penis, vagina, anus, and wound fluid. To make things worse, some of this stolen data has already landed on the dark web.
The records disclose the names and home addresses of about two million people in addition to their birthdates, social security numbers, detailed test results, and which medical advice was provided after testing.
Hospitals and Clinics Impacted
One of the healthcare facilities is Leiden University Medical Center (Leids Universitair Medisch Centrum), while another is linked with Amphia Hospital and Alrijne Hospital.
It also gathered data from hundreds of general practitioners and non-affiliated clinics. The breach began in 2022 and extended to 2025, meaning that it affected test results over a significant period of time.
General Practitioner Data Also Leaked
As viewed by the insurance giant, files pertaining to 53,516 patients who had required tests through their doctors were reviewed.
Experts estimate that this is only a tiny portion of the complete stolen data. While the hackers have said that they have about 300 gigabytes of data in their possession, less than 100 megabytes have been leaked so far.
Concerns Over Patient Privacy
The situation has got Elza den Hertog, the chairwoman of Population Screening Netherlands, extremely worried. She said the breach was "terrible" and especially hard on women who came to the screening, and apologized genuinely for her organization.
Breach of the Scale: Raising the Alarm
Just the dumping of a small part of the material raises worrying questions about what other kinds of sensitive medical information could still be out there. The authorities and cybersecurity experts are still evaluating the extent of the data stolen.
No Comment from Key Parties
STAT has requested comment from both Clinical Diagnostics and the parties involved in the cyberattack. Neither has responded as of yet. The incident highlights the rise of cyber threats targeting protected health information.
