The Healthcare and Youth Inspectorate (IGJ) is going to investigate the Clinical Diagnostics laboratory in Rijswijk. Hackers recently stole data at this laboratory from hundreds of thousands of women who participated in the population screening for cervical cancer.
The IGJ's investigation focuses on information security. It is coordinating the timing and approach closely with the Personal Data Authority (AP). The AP is already investigating under the General Data Protection Regulation (AVG).
The IGJ is also going to pay extra attention to information security at laboratories in a broader sense. This is partly in response to the risks that became visible in this case.
Generally speaking, in the context of good and safe care, care providers who process personal data in a healthcare information system must be able to show that they work in accordance with the standard drawn up for this purpose, the NEN 7510. The IGJ monitors this. This standard sets requirements for the organization of information security. For example, identifying risks and setting up appropriate measures, both organizational and technical. The AVG is about handling personal data in general, the NEN 7510 about information security in healthcare.
