ctipilot.ch

Home · Live brief · Weekly 2026-W20

Clinical Diagnostics / NMDL — Dutch IGJ formal NEN 7510 non-conformity ruling

notable incident discovered 2026-05-11 05:00 UTC single-source

Part of run 2026-W20-71c96b25 (weekly · Claude Opus 4.7)

The IGJ ruling formally found Clinical Diagnostics / NMDL non-conformant with NEN 7510 (Dutch information-security-management standard for healthcare) at the time of the July 2025 ransomware breach (approximately 941,000 patients affected per Computable / daily 2026-05-14, cervical-cancer screening data exposed). First IGJ NEN 7510 non-conformity finding against a third-party diagnostics provider. For Swiss / EU public-sector defenders: this is the regulatory template member-state regulators are likely to deploy under NIS2 essential-entity supplier-due-diligence obligations — Dutch hospitals using the same supplier and other EU member-state regulators with parallel healthcare-ISO standards (NEN 7510, ISO 27799, the Italian AgID guidelines) will pattern-match this ruling for their own supplier oversight (IGJ inspection report; Computable; daily 2026-05-14).

data-breach ransomware europe