Compumedics confirms major data breach affecting U.S. division

Global medical device manufacturer Compumedics said that its U.S. division experienced a significant data security incident, compromising the sensitive personal information of over 318,000 individuals.

 

Headquartered in Charlotte, North Carolina, Compumedics USA develops medical devices to monitor sleep issues, brain activity, blood flow and more.

 

In a data security incident notice published on its website, Compumedics USA said that on March 22, it identified suspicious activity affecting its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure its affected network, contained the incident and notified relevant law enforcement authorities about the same.

 

“The investigation determined that an unauthorised party accessed certain Compumedics systems between February 15, 2025, and March 23, 2025, and reviewed or copied some files,” Compumedics said.

 

The compromised data included names, dates of birth, Social Security numbers, demographic information, medical record numbers, health insurance information, treatment and diagnosis information, dates of treatment, provider names, and sleep study details and results.

 

The incident was reported to the U.S. Department of Health and Human Services Office for Civil Rights, where Compumedics said it has identified at least 318,150 individuals impacted by the incident.

 

“To help prevent a similar incident from occurring in the future, we are implementing additional measures to enhance the security of our network and continue training employees concerning data security,” the company added.

 

Compumedics has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered complimentary identity protection and credit monitoring services to  individuals whose Social Security Numbers were compromised.

 

On March 26, the VanHelsing ransomware group claimed responsibility for the cyber attack on Compumedics and listed it as a victim on its data leak site. The medical device manufacturer has neither confirmed the group’s claims nor disclosed whether a ransom was paid.