Dutch Healthcare Lab Failed Data Security Rules Before Cyberattack Affecting 850,000 Individuals

In August 2025, Dutch research agency Bevolkingsonderzoek Nederland disclosed that data belonging to 500,000 women who underwent cervical cancer screening was stolen in a cyberattack. The Dutch data protection watchdog determined the healthcare lab failed to comply with data security regulations prior to the incident, which later impacted 850,000 individuals. The Nova ransomware gang demanded payment, which the agency initially paid, but the attackers later escalated demands after learning the lab had contacted police. No specific malware or technical attack vectors were detailed in the report. The breach highlights regulatory non-compliance in the healthcare sector before the attack occurred.