NL: Dutch watchdog says healthcare lab failed data security rules before cyberattack affecting 850,000

**Executive summary:** In July–August 2025 the Nova ransomware gang attacked Clinical Diagnostics (Bevolkingsonderzoek Nederland), exfiltrating medical records from cervical cancer screening participants and publishing portions of the stolen data; initial reporting estimated ~500,000 victims and later reporting increased the affected count to over 850,000. The organisation reportedly paid about €1.1M in cryptocurrency, the Dutch Health and Youth Care Inspectorate found the lab negligent for failing to meet mandatory cybersecurity and risk-assessment standards, and law enforcement is investigating while compensation claims are being prepared.