Australian medical manufacturer Compumedics confirmed a data breach in March 2025 that compromised the personal and medical information of at least 320,404 people. The compromised data included names, Social Security numbers, health insurance information, dates of birth, demographic info, medical record numbers, treatments, diagnoses, dates of treatment, provider names, and sleep study details and results. The attack affected both its Australian and US systems and had a downstream impact on several hospitals and clinics, which are issuing their own data breach notices to patients.
TPRM report: https://scoringcyber.rankiteo.com/company/compumedics
"id": "com416071725",
"linkid": "compumedics",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Healthcare',
'location': ['FL', 'VA'],
'name': 'Hope Healthcare',
'type': 'Healthcare'},
{'industry': 'Healthcare',
'location': ['MI'],
'name': 'Bronson Healthcare Group',
'type': 'Healthcare'},
{'industry': 'Healthcare',
'location': ['PA', 'ME'],
'name': 'Chest Medicine Associates',
'type': 'Healthcare'},
{'industry': 'Healthcare',
'location': ['MT', 'WY', 'ND', 'SD'],
'name': 'Billings Clinic',
'type': 'Healthcare'},
{'industry': 'Healthcare',
'location': ['WV'],
'name': 'Davis Medical Center',
'type': 'Healthcare'},
{'industry': 'Healthcare',
'location': ['ME'],
'name': 'Northern Light AR Gould',
'type': 'Healthcare'},
{'industry': 'Healthcare',
'location': ['ME'],
'name': 'Northern Light Eastern Maine Medical Center',
'type': 'Healthcare'},
{'industry': 'Healthcare',
'location': ['ME'],
'name': 'Northern Light Sebasticook Valley Hospital',
'type': 'Healthcare'},
{'industry': 'Healthcare',
'location': ['VA'],
'name': 'VCU Health System Authority',
'type': 'Healthcare'},
{'industry': 'Healthcare',
'location': ['VA'],
'name': 'Vitalcare Family Practice',
'type': 'Healthcare'},
{'industry': 'Healthcare',
'location': ['TN', 'NC'],
'name': 'Erlanger',
'type': 'Healthcare'},
{'industry': 'Healthcare',
'location': ['Australia'],
'name': 'Adelaide’s Women’s and Children’s Hospital',
'type': 'Healthcare'},
{'industry': 'Healthcare',
'location': ['Bermuda'],
'name': 'Bermuda Sleep & Signature Services',
'type': 'Healthcare'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '320,404',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal information',
'Health information']},
'date_detected': '2025-03-22',
'date_publicly_disclosed': '2025-03-26',
'description': 'Australian medical manufacturer Compumedics confirmed a data '
'breach in March 2025 that compromised sensitive patient '
'information, affecting both Australian and US systems.',
'impact': {'data_compromised': ['Names',
'Social Security numbers',
'Health insurance info',
'Dates of birth',
'Demographic info',
'Medical record numbers',
'Treatments and diagnoses',
'Dates of treatment',
'Provider names',
'Sleep study details and results'],
'systems_affected': ['Australian and US systems']},
'investigation_status': 'Ongoing',
'motivation': ['Data theft', 'Ransom'],
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Van Helsing'},
'references': [{'source': 'Comparitech'}],
'response': {'communication_strategy': ['Notified affected individuals',
'Offered free credit monitoring'],
'containment_measures': 'Secured systems and contained the '
'incident'},
'threat_actor': 'Van Helsing',
'title': 'Compumedics Data Breach',
'type': 'Ransomware'}