Compumedics Data Breach: Sleep Study Patients' Personal Data Exposed

Compumedics USA Data Security Incident

Compumedics USA Inc. provides diagnostic and research technologies for sleep disorders, utilized by healthcare providers like VCU Health for sleep studies. A significant data security incident was identified on March 22, 2025, when unauthorized access to Compumedics' systems occurred. Investigative efforts revealed that the breach, which lasted from February 15, 2025, to March 23, 2025, involved the access of patient data, including names, birth dates, medical record numbers, treatment details, and potentially Social Security numbers.

Affected healthcare providers were notified on April 29, 2025. Compumedics encourages individuals to review their provider statements for accuracy and offers complimentary credit monitoring services to those whose Social Security numbers were involved.

For more details, visit the official notice: Compumedics Notice of Data Security Incident.

Compumedics Sleep Study Data Issue

The Women’s and Children’s Health Network (WCHN) reported a cybersecurity incident involving Compumedics software, which led to the removal of the software and devices from their network. This incident primarily affected patients who participated in sleep studies at the Women’s and Children’s Hospital since 2018. The breached data included patient names, addresses, contact information, and sleep trial results, but did not include financial information or medical records held by the hospital.

Compumedics became aware of suspicious activity on March 22, 2025, and engaged cybersecurity experts to contain the breach. They are working with WCHN to notify affected patients.

For more information, access the Compumedics letter about the incident: Compumedics cybersecurity incident notice.

Ransomware Attack Impact

A ransomware attack on Compumedics' systems has impacted over 2,000 sleep study patients at the Women's and Children's Hospital in Adelaide. SA Health confirmed that the attack occurred against the software managing patient data for sleep studies. The accessed personal details include names, addresses, birth dates, and limited clinical information.

Dr. Robyn Lawrence, CEO of SA Health, stated that there is no evidence of a breach in SA Health's IT systems. Immediate actions were taken to suspend access to Compumedics software. Patients impacted by the breach are being notified, and helplines have been established for support.

For further details, refer to the news report: ABC News on Compumedics ransomware attack.

Data Breach Notifications

Compumedics USA Inc. experienced a data breach that was reported to have affected a small number of individuals, with notifications sent out by May 8, 2025. The breach occurred due to external hacking on March 13, 2025, and it involved the unauthorized access to personal identifiers.

Compumedics has offered one year of credit monitoring and identity theft protection services through Experian to affected individuals. More information can be found in the notification forms submitted to the Maine Attorney General's office.

For additional resources, you can access the Electronic Maine Security Breach Reporting Form: Maine Security Breach Reporting Form.