The breach occurred at Clinical Diagnostics NMDL, a processing lab in Rijswijk, during the first week of July. The national research agency that organizes the screenings, Bevolkingsonderzoek Nederland, confirmed the incident. They stated that the hackers accessed a massive database containing sensitive information.
The stolen data includes the names and addresses of approximately 485,000 women. It also contains information on health professionals and details about patient referrals. According to a spokesperson for Bevolkingsonderzoek Nederland, the data likely covers several years of testing, including results from self-tests and tests done at local doctors’ offices.
The situation is still developing. “Further investigation will have to show what exactly happened and which data were stolen,” the spokesperson told Dutch broadcaster NOS.
For now, the full scope of the breach remains uncertain. But the immediate fallout is clear. Bevolkingsonderzoek Nederland has stopped working with the NMDL clinic to prevent any more data from being compromised. They also noted that while the hackers could access and copy the information, they could not alter the original records. The targeted lab, Clinical Diagnostics NMDL, has declined to make any public comments on the attack.
The Nova Gang’s Demands and a Broken Deal
This is not a simple data theft. It’s a high-pressure extortion campaign. The ransomware group Nova has claimed responsibility and is using the stolen data as leverage. The group posted a message on their darknet site threatening to release more of the sensitive medical files if their demand for €1.1 million is not met within 11 days.
The situation is complicated by accusations from the hackers themselves. Nova claims that the clinic broke an agreement by involving the police. This suggests there may have been initial negotiations between the lab and the attackers. A police spokesman confirmed they were involved, telling the NRC newspaper that they were “active in the background” after the clinic reported the crime.
There are also reports that this isn’t the first time money has changed hands. According to RTL Nieuws, anonymous sources at both Nova and the clinic claim that NMDL already paid an undisclosed ransom. After that payment, the gang reportedly removed the data of over 50,000 women from their leak site. But now they are back, demanding more money and threatening to release the rest of the stolen files.
This tactic, often called double extortion, is common among modern ransomware groups. First, they encrypt a victim’s files to disrupt their operations. Second, they steal copies of the data before encrypting it. This gives them a powerful bargaining chip. Even if the victim can restore their systems from backups, the threat of a public data leak remains. It forces the victim to consider paying the ransom just to protect the privacy of their clients and avoid regulatory fines.
Who is the Nova Ransomware Gang?
The Nova group is considered a newer player in the ransomware scene. But they have quickly made a name for themselves. Their successful attack on the local government authorities in Pisa, Italy, shows they are capable of breaching significant targets. Like many ransomware operations today, they likely operate a Ransomware-as-a-Service (RaaS) model. This means the core developers of the malware license it out to other criminals, or “affiliates,” who then carry out the attacks in exchange for a cut of the profits. This model allows ransomware to spread quickly and makes it harder for law enforcement to track down the main perpetrators.
Why Healthcare is a Prime Target
The healthcare sector is a very attractive target for cybercriminals. There are a few key reasons for this.
First, the data is extremely sensitive. Stolen medical records contain information that people want to keep private. This makes the threat of a public leak a powerful tool for extortion. People are much more concerned about their health history being published online than their credit card number, which can be easily canceled and replaced.
Second, medical data has a long shelf life. A person’s medical history doesn’t change. This makes it permanently valuable on the dark web for various types of fraud, such as filing false insurance claims or obtaining prescription drugs illegally.
Third, healthcare organizations are often seen as having weaker security than financial institutions. They manage complex networks of devices, from patient monitors to imaging machines, many of which may run on older software that is hard to patch. This creates a large attack surface for hackers to exploit.
Finally, the need for constant uptime is critical. A hospital or a lab cannot afford to be offline for days or weeks while they recover from an attack. This pressure to restore services quickly makes them more likely to pay a ransom.
The Impact on the Victims
For the nearly half a million women affected, this breach is a serious violation of privacy. Bevolkingsonderzoek Nederland has started sending letters to them with more information. The primary warning is to be on high alert for phishing attacks.
With access to names, addresses, and knowledge that a woman participated in a cancer screening, criminals can craft highly convincing and targeted scam emails or text messages. For example, a fake message could claim there is an urgent update about their test results and ask them to log in to a fake website, tricking them into revealing passwords or financial information.
The organization is advising all affected individuals to be extremely cautious of any unsolicited communication that references the screening program. They should never click on suspicious links or provide personal information in response to an unexpected email or message.
The breach creates a difficult situation for everyone involved. The victims face the stress of their private information being in criminal hands. The clinic faces a financial and reputational crisis. And the authorities have the tough job of investigating the crime while navigating a live extortion attempt. This incident shows just how damaging a ransomware attack can be, especially when it hits a sector as critical as healthcare.
