Hackers breach cancer screening data of almost 500,000 women
Personal health data from more than 485,000 women has been stolen after hackers accessed the IT systems of a cervical cancer screening programme in the Netherlands.
The incident occurred between 3 July and 6 July 2025 at the Eurofins Clinical Diagnostics NMDL laboratory in Rijswijk, which tests cervical smears and self-tests for the Dutch Population Survey (BDO).
Cyber criminals are believed to have accessed sensitive patient information including names, addresses, dates of birth, citizen service numbers, test results, and participants’ healthcare providers, according to a press release from the BDO.
Elza den Hertog, chair of the board of directors of BDO, said: “We are deeply shocked by this data breach, and we understand that participants who participated in population screening through us are also very shocked.”
She added: “Participating in the cervical cancer screening programme is already a stressful experience for many participants and now you’re being told that your personal data may have been leaked as well.
“At BDO, we set high standards for due diligence and data security for participants in the screening programmes, and we always make agreements about this with the laboratories that perform the tests.
“We deeply regret that this has now gone so wrong at one of the laboratories we work with.”
Commenting on the breach, Rik Ferguson, vice president of security intelligence at Forescout, said: “This breach is a clear example of a systemic blind spot.
“Almost half a million highly sensitive medical records were exposed because they passed through a subcontracted lab where attackers found a way in.
“The result is not just another breach statistic; it’s a demonstration of how quickly a single weak link can compromise an entire security chain.
“What happened here fits a much broader pattern. Healthcare has become a prime target because the data is priceless, the networks are complex, and the sector is under constant pressure to deliver more with less.”
Source: Digital Health, 13 August 2025