The data breach at Clinical Diagnostics, a laboratory that was commissioned by the Netherlands to investigate the cervical cancer, is even greater than expected. At least 700,000 women have been hit. The body announced this on Friday morning. Data from patients from the Amphia Hospital in Breda have also been stolen.
This week, the Laboratory of Population Research The Netherlands reported that the data of a further at least 230,000 female participants were captured. That is on top of the number of the 485,000 victims that came out earlier this month.
Clinical Diagnostics cannot exclude that Hackers group Nova was able to view the data of all women. That is why the Netherlands Population screening now takes into account that the data from all participants have been stolen.
In total it concerns 941,000 women who have been participating in the population screening for cervical cancer since 2017. For 226,000 women it has not been established that their data has been stolen, but the fear is.
This includes test results, citizen service numbers and addresses. E-mail addresses and telephone numbers did not share the Netherlands Population Research, but other healthcare providers who worked with the laboratory did that.
‘Amphia not responsible’
The Amphia Hospital said before it did not know how many of their patients data has leaked. A spokesperson also emphasized that they are not responsible for the leak.
The data of the 941,000 women are still independent of the data provided by GPs and Diagnostic Centers to Clinical Diagnostics. How many people are involved is unknown: the laboratory and parent company Eurofins have not been answering questions from journalists for more than two and a half weeks.
“We realize that this is a very annoying message for participants of the population screening for cervical cancer,” said the Netherlands Population screening in a written statement.
The data processed by other laboratories are not affected. Population screening for the Netherlands collaborated in total with three laboratories. Since the data breach came to light, the Laboratory of Clinical Diagnostics is no longer used.
Letter
All 941,000 women will receive a letter with more information halfway through next month, including the women who have already received a letter. It will also contain more information about which data was shared with the laboratory, and therefore probably stolen.
Hackers group Nova previously published the personal details of 53,000 people, including men. This information was mainly provided by GPs to Clinical Diagnostics. Although the group initially threatened to publish all data if Clinical Diagnostics would not pay 1.1 million euros, the group came back from that. The hackers say they have removed the data, although that cannot be checked.
Nova is a relatively new hackers group, probably from Russia. Just like many other Russian hacker groups, NOVA is attacking networks and organizations to make money. The hackers steal as much data as possible and then lock the company network; Victims usually have to pay millions of euros to remove the network and prevent the data from being published.
Although the police and the Dutch Data Protection Authority call in not to pay, companies often do so, especially as personal data of customers. If that data is published, customers can fall victim to phishing (a form of fraud in which criminals occur as a reliable body and thus steal data or money, ed.).