Clinical Diagnostics hack: a harsh wake-up call for healthcare

Advice from ‘Cracked by Jordens’ makes it clear that hospitals and laboratories need to take fundamental security measures now.

Published on August 12, 2025

Team IO+ selects and features the most important news stories on innovation and technology, carefully curated by our editors.

The hack at Clinical Diagnostics, one of the largest medical data breaches ever in the Netherlands, painfully exposes how vulnerable our healthcare sector is to cyberattacks. Drawing on the advice given by cybersecurity expert Patrick Jordens in previous episodes of our Cracked by Jordens series, we take stock of the situation. Conclusion: Hospitals and laboratories must take fundamental security measures now.

The recent data breach at Clinical Diagnostics—involving data from population screening for cervical cancer and a wide range of sensitive medical tests, including urine, skin, and genital examinations—has shocked the Netherlands. Names, addresses, dates of birth, social security numbers, test results, and medical advice from multiple hospitals have been stolen. The portion that is now online is only a fraction of what the criminals claim to have stolen. This is more than an incident: it is a crisis that calls for radical improvements in digital security in healthcare.

Prevention is better than a cure

In the episode about the police hack, Jordens emphasized that “preventive measures are essential.” Insurance, no matter how comprehensive, is not the solution, he says. When systems that protect sensitive medical data collapse, no policy can reverse the damage. This hack is therefore not just an IT failure, but also a crisis of public health and trust. Healthcare institutions and laboratories must move from reactive action to robust, proactive security. After all, public confidence in safe healthcare is essential.

The hidden threat of dark web tools

Jordens has previously warned how easy it is for cybercriminals to obtain tools on the dark web to crack passwords or spread ransomware, in part even via “ransomware-as-a-service.”

Weak access security may have made Clinical Diagnostics an easy target. Strong, unique passwords and extra security layers such as multi-factor authentication should be the norm, not an option.

Human manipulation: an unpredictable open door

Social engineering remains a widely used attack method. Jordens described how criminals pose as colleagues or acquaintances via email or AI-generated voices. Healthcare organizations under pressure, without sufficient training or alertness, are particularly vulnerable. Employees must learn to recognize and resist subtle forms of phishing and impersonation, especially in sensitive work environments such as laboratories.

Ethical hacking: staying one step ahead

‘White-hat hackers’ – so-called ethical security professionals – can detect vulnerabilities before ‘black hats’ exploit them. Jordens compared hiring internal parties for a security check to ‘the butcher inspecting his own meat’ and argued for independent ethical hackers and a policy of responsible disclosure. Clinical Diagnostics and its partners in healthcare should systematically use such external tests to find and close blind spots in their systems.

Backups are only half the story

A good backup strategy is essential. Attackers often target backups first. Jordens emphasized that “a well-thought-out backup strategy,” preferably external and isolated, is crucial for recovery. Hospitals and laboratories must ensure that backups are separate from production systems, tested regularly, and protected against manipulation.

Time for a ‘health security reset’

This hack clearly demonstrates what Jordens has been saying for some time: security should not be marketing talk; it must be a fundamental principle. The hack at Clinical Diagnostics makes it clear that the entire healthcare sector has a to-do list that cannot be put off any longer:

  • Have external security audits and ethical hacks carried out.
  • Enforce strong access security and multi-factor authentication.
  • Train all employees in recognizing social engineering.
  • Isolate backups and check them constantly.
  • Work on security structurally and continuously, instead of reacting ad hoc.

Only then can organizations that manage our most personal data regain trust and withstand the constant stream of digital threats.