Compumedics Cyberattack Affects Almost a Dozen Healthcare Providers
Compumedics USA Inc., a vendor that provides diagnostic and research technologies for sleep disorders for use in sleep study clinics, has recently disclosed a data security incident that has affected patients of several of its healthcare provider clients.
On March 22, 2025, Compumedics identified unauthorized access to its network which disrupted the operations of its information technology systems. Immediate action was taken to secure its systems and third-party forensics experts were engaged to investigate the incident. They confirmed that an unauthorized third party had access to its systems between February 15, 2025, and March 23, 2025, during which time files were copied from its systems.
The file review was completed on May 13, 2025, and confirmed that some of the files contained patient information such as names, dates of birth, demographic information, medical record numbers, diagnosis information, treatment information, dates of treatment, provider names, and sleep study details and results. A subset of the affected individuals also had their Social Security numbers stolen. The affected healthcare provider clients were notified about the data breach on April 29, 2025.
Compumedics has implemented additional security measures and has provided further data security training to its employees. Complimentary credit monitoring and identity theft protection services have been offered to individuals whose Social Security numbers were involved. The affected individuals have been advised to monitor their accounts and explanation of benefits statements and report any suspicious activity to the appropriate healthcare provider or insurer.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Compumedics has stated that 318,150 individuals were affected, although it is unclear whether all of those individuals are in the United States. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal. Compumedics said the following healthcare provider clients have been affected by the incident:
- Bermuda Sleep & Signature Services
- Hope Healthcare
- Bronson Healthcare Group
- Chest Medicine Associates PA
- Billings Clinic
- Davis Medical Center
- Northern Light AR Gould
- Northern Light Eastern Maine Medical Center
- Northern Light Sebasticook Valley Hospital
- VCU Health System Authority
- Vitalcare Family Practice
Compumedics started issuing notification letters on behalf of the affected clients on or around June 27, 2025. Northern Light Health has issued its own substitute breach notice confirming the data incident was limited to Compumedics systems, and said no Northern Light systems were compromised in the incident.
