The data hack at a clinic that held the cancer screening data of almost half a million women was more extensive than originally reported, RTL Nieuws has claimed, based on an investigation.

Apart from the results of cervical smear tests, other analysis results from tests on skin, male genitalia and urine have been taken from patients at LeidenUMC, the Amphia hospital and Alrijne hospital, dating back to 2022.

According to RTL, the data of 53,516 people were put on the dark web, just 100 megabytes of the 300 gigabytes the criminals claimed to have stolen.

In a statement on Monday, Clinical Diagnostics Nederland stated that the leak, which took place in early July, had been of short duration and that immediate action was taken to safeguard the remaining data.

Screening agency Bevolkingsonderzoek Nederland was only told about the leak on August 6, and could only then warn the women to be on the alert for targetted fishing mails and other irregularities.

The clinic said it did not immediately publicise the leak because it wanted to “take the right steps”, even though it is obliged to inform the affected clients and agencies such as the privacy watchdog within 24 hours.

Z-CERT, the healthcare cybersecurity-expertise centre, said it had detected data from the clinic on the dark web and had told Clinical Diagnostics to inform their clients, Z-Cert director Wim Hafkamp told the NRC.

Privacy expert Bart van der Sloot said the clinic should have informed its clients  about the data breach immediately. “This company acted against the law. Completely irresponsible behaviour,” he told broadcaster NOS.

Van der Sloot, healthcare institutions are among the most hacked in the Netherlands and more action needs to be taken to protect data. Last year, privacy watchdog AP received reports of some 7,000 incidents related to medical data.

The hack may lead to a lack of trust in healthcare, Van der Sloot said. “People avoid care in countries where privacy is not guaranteed,” he said.

“It’s a nightmare scenario”, the chair of Bevolkingsonderzoek Nederland Elza den Hartog told Nieuwsuur.

Den Hartog said the hack was all the more painful because of efforts to encourage women to take the test. “And we were getting there. And now these women’s data are in the hands of third parties. We are extremely sorry about that,” she said.