Compumedics Data Breach: Sleep Study Patients' Personal Data Exposed

Edward Zhou
Edward Zhou

CEO & Founder

 
July 17, 2025 3 min read

Compumedics USA Data Security Incident

Compumedics USA Inc. provides diagnostic and research technologies for sleep disorders, utilized by healthcare providers like VCU Health for sleep studies. A significant data security incident was identified on March 22, 2025, when unauthorized access to Compumedics' systems occurred. Investigative efforts revealed that the breach, which lasted from February 15, 2025, to March 23, 2025, involved the access of patient data, including names, birth dates, medical record numbers, treatment details, and potentially Social Security numbers.

Affected healthcare providers were notified on April 29, 2025. Compumedics encourages individuals to review their provider statements for accuracy and offers complimentary credit monitoring services to those whose Social Security numbers were involved.

For more details, visit the official notice: Compumedics Notice of Data Security Incident.

Compumedics Sleep Study Data Issue

The Women’s and Children’s Health Network (WCHN) reported a cybersecurity incident involving Compumedics software, which led to the removal of the software and devices from their network. This incident primarily affected patients who participated in sleep studies at the Women’s and Children’s Hospital since 2018. The breached data included patient names, addresses, contact information, and sleep trial results, but did not include financial information or medical records held by the hospital.

Compumedics became aware of suspicious activity on March 22, 2025, and engaged cybersecurity experts to contain the breach. They are working with WCHN to notify affected patients.

For more information, access the Compumedics letter about the incident: Compumedics cybersecurity incident notice.

Women's and Children's Hospital

Ransomware Attack Impact

A ransomware attack on Compumedics' systems has impacted over 2,000 sleep study patients at the Women's and Children's Hospital in Adelaide. SA Health confirmed that the attack occurred against the software managing patient data for sleep studies. The accessed personal details include names, addresses, birth dates, and limited clinical information.

Dr. Robyn Lawrence, CEO of SA Health, stated that there is no evidence of a breach in SA Health's IT systems. Immediate actions were taken to suspend access to Compumedics software. Patients impacted by the breach are being notified, and helplines have been established for support.

For further details, refer to the news report: ABC News on Compumedics ransomware attack.

Ransomware Attack Impact

Data Breach Notifications

Compumedics USA Inc. experienced a data breach that was reported to have affected a small number of individuals, with notifications sent out by May 8, 2025. The breach occurred due to external hacking on March 13, 2025, and it involved the unauthorized access to personal identifiers.

Compumedics has offered one year of credit monitoring and identity theft protection services through Experian to affected individuals. More information can be found in the notification forms submitted to the Maine Attorney General's office.

For additional resources, you can access the Electronic Maine Security Breach Reporting Form: Maine Security Breach Reporting Form.

Data Breach Notifications

Edward Zhou
Edward Zhou

CEO & Founder

 

CEO & Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions..

Related Articles

Ransomware Attacks Target Russian Vodka and Healthcare Sectors

The Novabev Group, parent company of the Beluga vodka brand, experienced a ransomware attack on July 14, 2025, causing significant disruptions. The attack affected WineLab, the company's liquor store chain, leading to a three-day closure of over 2,000 locations in Russia. The company reported that the attack crippled its IT infrastructure, particularly point-of-sale systems and online services. Novabev Group stated, "The company maintains a principled position of rejecting any interaction with cybercriminals and refuses to fulfill their demands."

By Alan V Gutnov July 19, 2025 3 min read
Read full article

Retail Sector Faces Surge in Ransomware Attacks: A 2025 Analysis

Publicly disclosed ransomware attacks on the retail sector globally surged by 58% in Q2 2025 compared to Q1, with UK-based firms being particularly targeted, according to a report by BlackFog. This spike in attacks follows high-profile breaches affecting retailers like Marks & Spencer (M&S), The Co-op, and Harrods, attributed to the threat actor known as Scattered Spider.

By Alan V Gutnov July 19, 2025 2 min read
Read full article

AI-Driven Lcryx Ransomware Emerges in Cryptomining Botnet

A cryptomining botnet active since 2019 has incorporated a likely AI-generated ransomware known as Lcryx into its operations. Recent analysis by the FortiCNAPP team at FortiGuard Labs identified the first documented incident linking H2miner and Lcryx ransomware. This investigation focused on a cluster of virtual private servers (VPS) utilized for mining Monero.

By Edward Zhou July 19, 2025 3 min read
Read full article

Preventing ClickFix Attacks: Safeguarding Against Human Error

ClickFix is an emerging social engineering technique utilized by threat actors to exploit human error. This technique involves misleading users into executing malicious commands under the guise of providing "quick fixes" for common computer issues. Threat actors use familiar platforms and deceptive prompts to encourage victims to paste and run harmful scripts.

By Alan V Gutnov July 19, 2025 3 min read
Read full article