Compumedics USA Inc., a company that provides sleep study clinics with its diagnostic and research technologies for sleep disorders. The company recently suffered a data security incident that impacted patients of a few healthcare company clients.
On March 22, 2025, Compumedics discovered unauthorized access to its system, which interrupted the functions of its I.T. systems. It took immediate action to protect its technologies. Third-party forensics specialists helped in investigating the incident and confirmed the unauthorized access to its systems by a third party from February 15, 2025 to March 23, 2025. At this time, the hacker copied files from its systems.
Compumedics finished the file analysis on May 13, 2025, and reported that some files included patients’ protected health information (PHI) like names, birth dates, medical record numbers, demographic data, diagnosis data, treatment details, dates of treatment, names of providers, and sleep study information and results. The Social Security numbers of part of the impacted people were also stolen. The impacted healthcare company clients received notification regarding the data breach on April 29, 2025.
Compumedics has put in place additional security procedures and has offered its employees further data security training. It offered free credit monitoring and identity theft protection services to people whose Social Security numbers had been compromised. The impacted individuals received an advisory to keep an eye on their explanation of benefits statements and accounts. In case of spotting any suspicious activity, report it to the pertinent healthcare company or insurance provider.
The data breach is not yet posted on the HHS’ Office for Civil Rights breach website. The number of affected individuals is still uncertain. Compumedics stated the healthcare provider clients listed below were affected by the data breach:
- Billings Clinic
- Bronson Healthcare Group
- Bermuda Sleep & Signature Services
- Chest Medicine Associates PA
- Hope Healthcare
- Davis Medical Center
- Northern Light Sebasticook Valley Hospital
- Northern Light Eastern Maine Medical Center
- Northern Light AR Gould
- Vitalcare Family Practice
- VCU Health System Authority
Compumedics began sending breach notification letters to the impacted customers on or about June 27, 2025. Northern Light Health has published its substitute breach notice to announce that the data incident only impacted Compumedics systems. The incident did not affect Northern Light systems.