September 06, 2025

Data breach Cervical Cancer Screening – Facts & Impact

 

Why this data breach should wake up the Netherlands

In July 2025, the Netherlands was rocked by one of the largest medical data breaches ever. At Clinical Diagnostics NMDL, a laboratory that analyzes smears on behalf of Bevolkingsonderzoek Nederland, personal and medical data of what is now more than 941,000 Dutch citizens were taken. What began as an incident with “only” 485,000 victims turned out, after investigation, to be almost twice as large.

The data includes not only names, addresses and BSNs, but also sensitive medical test results. Fortunately for those involved, the immediate concern is limited – test results remain valid and participants do not have to re-submit. Still, the impact is significant: identity fraud, phishing and loss of trust in healthcare are real risks.

This incident highlights how vulnerable Dutch healthcare institutions and their partners are to cyber attacks. The healthcare sector processes the most sensitive data while being highly regulated under the AVG (the Dutch name for the GDPR), NEN7510 and BIO. Yet external suppliers often turn out to be the weakest link.

In this blog, we explain:

  • What exactly happened in the population study data breach.

  • How Dutch agencies (RIVM, VWS, AP, IGJ) are responding.

  • What challenges are specific to healthcare ICT in the Netherlands.

  • Why preventive security is always cheaper than damage repair.

  • How ALTA-ICT helps organizations with ISO-certified solutions.

What happened in the data breach?

  • Hack at NMDL (Rijswijk): between July 3 and 6, criminals gained access to Clinical Diagnostics’ systems.

  • Initial estimate: ±485,000 population-based cervical cancer screening participants.

  • Ultimate volume: nearly 941,000 participants since 2017. This includes other laboratory tests (skin, urine, penis, anus, vagina, wound examination).

  • Sensitive data: name, address, date of birth, BSN, GP data and in some cases medical test results.

  • Government response: Bevolkingsonderzoek Nederland suspends cooperation with NMDL. Letters will be sent to all concerned.

 

How could this happen?

  • Security flaws: likely insufficient monitoring, weak segmentation of data and lack of zero-trust architecture.

  • Responsibilities: NMDL as implementing party, but final responsibility with Bevolkingsonderzoek Nederland and VWS.

  • Investigations: the Personal Data Authority (AP), the Health Care & Youth Inspectorate (IGJ), police and prosecutors are involved.

  • Best practices: comparison with ISO27001, NEN7510 and BIO. How could this have been avoided?

  • ALTA-ICT expertise: explaining how we deploy 24/7 SOC monitoring and threat detection to identify these types of attacks in a timely manner.

 

Challenges for Dutch healthcare institutions

  • Compliance pressures: AVG (72-hour notification requirement), NEN7510 for healthcare, BIO for government organizations.

  • External suppliers: often the weakest link in the chain.

  • Loss of trust: citizens question whether their data is still safe.

  • Complex chains: collaboration between general practitioners, laboratories, hospitals, VWS and private parties makes security difficult.

  • Digital transformation: more and more healthcare processes are becoming digital – but that also increases the attack surface.

 

ROI of a solid security approach

  • Costs of a data breach: legal claims, AVG fines, forensics, PR damage and loss of trust.

  • Savings: preventive investments are on average 3 to 5 times cheaper than recovery after a data breach.

  • Reputation: one incident can undermine decades of trust in healthcare.

  • Example case study: how awareness training prevents phishing and can save millions.

 

ALTA-ICT approach – why we make a difference

At ALTA-ICT, we help Dutch organizations in the healthcare, financial and government sectors prevent data breaches. Our approach:

  • ISO27001, NEN7510 and BIO certified

  • 24/7 SOC monitoring and threat detection

  • AVG-proof audits and implementations

  • Zero-trust architecture and segmentation

  • Awareness training for employees

  • Dutch market knowledge (DigiD, NORA, VWS guidelines)

Thanks to this approach, we prevent data breaches, mitigate risks and realize a demonstrable ROI for our clients.

 

FAQ

1. Do I have to participate in the population study again?
No, the reliability of test results is not affected.

2. Am I automatically affected?
All those affected will receive a personal letter.

3. What should I do to prevent identity fraud?
Be alert to phishing, check bank statements and consider ID monitoring.

4. What role does ALTA-ICT play in this type of incident?
We offer audits, monitoring and consulting to organizations to prevent these types of data breaches.

5. What standards apply to healthcare data in the Netherlands?
AVG, NEN7510 and BIO are leading.

 

Conclusion

The data breach at NMDL shows that the security of medical personal data in the Netherlands still needs to make great strides. With over 941,000 citizens affected, this incident is a wake-up call for the entire healthcare industry.

At ALTA-ICT we believe that prevention is always better and cheaper than recovery. With our ISO-certified approach, 24/7 monitoring and knowledge of the Dutch healthcare market, we ensure that your organization is compliant and secure.

👉 Schedule a free IT risk scan today at alta-ict.co.uk/free-consultation.

 
