The Clinical Diagnostics laboratory was already aware of a hack involving cervical cancer tests in July, but only informed the parties involved last week. The National Screening Program Bevolkingsonderzoek Nederland has described the behavior as “shocking.”
It was only last week that the Rijswijk-based laboratory Clinical Diagnostics informed the parties involved about a serious data breach that had already taken place in early July. During this breach, data from hundreds of thousands of women who participated in the population screening for cervical cancer was stolen.
The Dutch National Population Screening Program has reacted furiously to this slow communication. “It is shocking and very reprehensible that the data breach is only now being communicated,” the organization told Nieuwsuur.
Expert Bart van der Sloot points out that this delay is in violation of GDPR legislation, which requires companies to inform those affected within 24 hours of a data breach. He calls Clinical Diagnostics’ actions “completely irresponsible” and emphasizes that the company is breaking the law.
Measures and investigation launched
Following the disclosure, Bevolkingsonderzoek Nederland took immediate action. Clinical Diagnostics’ services have been temporarily suspended until guarantees can be given that new test results can be processed securely. Outgoing Minister of Health Daniëlle Jansen has announced an investigation into the hack.
Bevolkingsonderzoek Nederland has stated: “To the best of our knowledge, Clinical Diagnostics has taken measures to plug the leak. Since we were informed about the hack, we have been doing everything we can to gain insight into exactly what happened to our clients’ data as quickly as possible.”
The organization has also launched an independent investigation into the cause and preventive measures for the future.
Impact on participants
State Secretary Judith Tielen of Youth, Prevention, and Sport acknowledges the emotional impact on participants in the population screening. “Participating in the cervical cancer screening is often stressful enough. I find it very upsetting for participants that their personal data has now been hacked.”
She emphasizes the importance of trust in the security of personal data. “You have to be able to trust that your data is safe.” All women involved will soon receive a personal letter explaining the data breach and the measures taken.
Healthcare sector vulnerable to cyberattacks
Cybersecurity expert Anouck Teiller of HarfangLab puts the hack into a broader perspective for Techzine. “This hack painfully highlights how vulnerable our healthcare sector is to digital threats,” she says. “It’s not just about stolen data, but a direct violation of the privacy and trust of hundreds of thousands of women.”
The incident is a clear warning to the entire healthcare sector. “Cybersecurity in healthcare is not a ‘nice to have’, but an absolute prerequisite,” concludes Teiller. The late reporting by Clinical Diagnostics not only has legal consequences, but also undermines confidence in the healthcare system at a time when cyber threats are only increasing.
Read also: Data breach at laboratory much larger than expected, data also on the dark web