As of September 1st, 2025, A major data breach at Clinical Diagnostics was confirmed, which had put patient data at risk. In all, the private medical information of 850,000 people has been laid bare by Nova, a ransomware group.
As a result, highly sensitive information was exposed. This has turned into a public crisis. What's more, the full size of the breach is much larger than what was first let on.
At first, statements from last month pointed to a smaller number of people being affected. For instance, the Centre for Population Screening had said 485,000 people in a cancer screening program were hit. The ongoing investigation, however, has shown that the real number is far higher.
The stolen information includes patients’ full names, dates of birth, and gender. It also holds citizen service numbers (BSN) and private test results. On top of that, the names of their healthcare providers were also exposed.
What Does This Breach Mean for Healthcare Security?
This event shows the huge risk that cybercriminals present to the healthcare field. In other words, this breach gives us a new understanding of what can happen when patient data is not locked down. Usually, data breaches are stopped from spreading.
- This incident, however, shows how a single weak spot can end up affecting hundreds of thousands of people.
- This points out a serious weakness in the healthcare supply chain. For government groups and private clinics, this hack is the worst thing that could happen. It gives direct proof of the terrible effect a single vendor breach can have on the whole healthcare system.
- The release of such private data is one of the most serious medical breaches ever in the Netherlands. It has already kicked off a large legal response. For example, two law firms are getting ready to file a class-action lawsuit.
This situation gives us a chance to look over our methods and build stronger ways to handle patient data.
Who is the Nova Ransomware Group?
Nova is a ransomware group that is set on making money through exploiting sensitive information. This ransomware group is known for going after companies or organizations that hold sensitive data.
To put it simply, their method is to pull out large amounts of data. Then, they ask for a ransom payment to stop them from releasing it to the public. Their main technique is to find and use weaknesses in a company's security.
They often do this by going through third-party vendors.
Operational Details Exposed By The Attack:
- Two Goals: The group's main goal is to get money through threats or ransoms. Secondly, by attacking healthcare, they put a great deal of pressure on their victims. They do this to make them pay the ransom quickly. This helps them stay away from public panic and government fines.
- Found Proof: The Nova gang successfully took data from the government's cancer screening program. They also got hold of data from private clinics and general doctors who used Clinical Diagnostics. This shows their skill in moving inside a network to take out a wide range of valuable information. This action causes the most damage from just a single break-in. So far, over 70,000 affected patients have already signed up for a potential damages claim.
In their public statements, ransomware groups like Nova show they do not care about patient privacy.
How to Stop Data Theft by Groups Like Nova?
Groups like Nova succeed when they get past outer defenses to steal data from servers. To put a stop to this, it is very important to have a security system that can guard access to private information from inside the network.
This shows that even with firewalls and antivirus software, attackers who are set on getting in will find a way. A system is not safe if people who are not supposed to be there can get to its central files.
Software like Infisign lets you set up a system to look after user identities and keep important data safe.
- It protects user accounts with modern passwordless sign-in methods. This method greatly lowers the risk of stolen of login details. This is because there are no passwords that can be stolen.
- Also, a privileged access management (PAM) system makes sure that only certain people can get to the most secret information. If an attacker breaks into the network, the PAM system acts like a vault. It keeps them away from patient records. This adds more layers of security to stand up to a group like Nova.
Ready to shield your company from cyber threats? Get in touch with the Infisign team for a free demo!
