Data breach affecting over 485,000 participants in cervical cancer screening after hack at external laboratory
August 11, 2025
- Data from participants in the cervical cancer screening program using self-tests or smears at the Dutch Population Survey have been hacked
- The data breach occurred at an external diagnostic laboratory
- The ICT environment of the Dutch Population Survey has not been endangered or compromised
- In addition to personal data, referrals from general practitioners/health insurance data have also been leaked
- The Dutch Population Survey will personally inform all those involved
- Further investigation has been launched to clarify how this could have happened
- Data subjects must be alert to misuse of their data
- The leak does not affect the outcome of investigations
- Want to know more? Go directly to the frequently asked questions.
Data from over 485,000 participants in the cervical cancer screening program has been stolen by criminal hackers after they managed to access some of the IT systems of the Clinical Diagnostics NMDL laboratory (a subsidiary of Eurofins) in Rijswijk. This laboratory tests participants' cervical smears and self-tests on behalf of the Dutch Population Survey (BOP), which conducts these studies on behalf of the National Institute for Public Health and the Environment (RIVM). As far as is known, the hackers accessed the personal data of participants in the screening program. This includes personal data such as name, address, date of birth, citizen service number (BSN), possible test results, and the names of the participants' healthcare providers. The Dutch Population Survey (BOP) finds this appalling.
Very shocked
Elza den Hertog, Chair of the Board of Directors of the Dutch Population Screening Association (BDO): “We are deeply shocked by this data breach, and we understand that participants who participated in population screening through us are also very shocked. I would like to express to them our deepest regret that this has happened. Participating in the cervical cancer screening program is already a stressful experience for many participants. And now you're being told that your personal data may have been leaked as well. At BDO, we set high standards for due diligence and data security for participants in the screening programs, and we always make agreements about this with the laboratories that perform the tests. We deeply regret that this has now gone so wrong at one of the laboratories we work with. An independent investigation has therefore been launched into how this could have happened and how we can prevent such incidents as much as possible in the future.”
Temporarily suspended
The Dutch Population Screening Association (BDO) has temporarily suspended services from Clinical Diagnostics NMDL until it is certain that processing new test results in the Clinical Diagnostics NMDL IT environment can take place safely. The BDO, together with experts from the Ministry of Health, Welfare and Sport (VWS) and in consultation with Clinical Diagnostics NMDL, has launched an independent external investigation into the security of the systems. You can continue to participate in the cervical cancer screening program. The tests are being analyzed in a different laboratory.
Affected participants receive letter
On August 6th, the Dutch Population Survey (BNP) was informed by the laboratory (Clinical Diagnostics NMDL) that a hack had occurred between July 3rd and 6th. Since being informed of the hack, BNP has been making every effort to gain insight as quickly as possible into what exactly happened to the data of the population survey participants. Because this involves a large group of participants and sensitive medical data, this must be done with great care and will take some time. Affected participants will receive a letter from BNP in the coming weeks as soon as more clarity about their involvement is available. The letter will be sent as soon as that clarity is available. Due to the impact, BNP has chosen to announce this to the media now. This is being done in consultation with the RIVM (National Institute for Public Health and the Environment) and the Ministry of Health, Welfare and Sport (VWS).
No influence on the outcome of the investigations
The data breach will not affect the results that participants in the cervical cancer screening program have already received or will receive. Participants who have already undergone testing do not need to participate again.
Research into the scope of the data breach
The Dutch Population Survey (BDO) is in close contact with the National Institute for Public Health and the Environment (RIVM) and the Ministry of Health, Welfare and Sport (VWS). A report has also been filed with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and the Health and Youth Care Inspectorate (Zorg en Jeugd) (Healthcare and Youth Inspectorate). Furthermore, a comprehensive investigation is currently underway into the exact consequences of this hack and the security of the systems. This investigation should reveal, for example, how the hackers accessed the systems at Clinical Diagnostics NMDL and how this can be prevented in the future.
Pending the results of this study, the Dutch Population Survey has decided to temporarily suspend testing by Clinical Diagnostics NMDL. Other laboratories will take over these tests.
Other population surveys
Clinical Diagnostics NMDL processes only the cervical cancer screening test material for the Dutch Population Survey (BNP). Data from participants in the breast cancer and colon cancer screenings are not affected by this data breach, as these tests are performed in different laboratories.
Always be alert to fraud
It's possible that malicious actors could misuse illegally obtained personal data. Therefore, it's important for everyone to always be alert to potential fraud. The hack involved the email addresses and phone numbers of a limited group of participants. Nevertheless, it's important for all those involved, who are informed by letter, to remain vigilant for any potential misuse of personal data. The Dutch government's website explains exactly what participants can do if they suspect their data is being misused by malicious actors.
To ask
We understand you may have questions. We keep you informed of the latest news on our website, where you'll also find answers to frequently asked questions . If your question isn't listed here, you can contact our helpline. You can do so by sending an email to vragenBMHK@bevolkingsonderzoeknederland.nl . If you prefer to call, please see the contact page on our website for the correct phone number for your region.
Clinical Diagnostics NMDL has posted information about the data breach, answers to frequently asked questions, and contact information about this data breach on its website .
Design of population-based cervical cancer screening
Women aged 30 to 60 (and in some cases up to 65) can participate in the cervical cancer screening program in the Netherlands. They will automatically receive an invitation. Using a self-sampling kit, they can collect and send samples at home. They can also choose to have a smear taken at their GP. The collected samples are processed in a laboratory. The Dutch Population Screening Association (BDO) collaborates with three different laboratories for this program, each of which screens a portion of the samples.
Profile Population Survey Netherlands
The Dutch Population Screening Association (BNP) conducts population screenings for breast cancer, cervical cancer, and colorectal cancer. The Ministry of Health, Welfare and Sport (VWS) has ultimate responsibility. The RIVM National Institute for Public Health and the Environment's Centre for Population Screening commissions, coordinates, and provides funding for these screenings. BNP manages the implementation in collaboration with its partners in the network—such as general practitioners and hospitals—with the aim of detecting cancer at an early stage.
You must be logged in to post a comment.