Compumedics sleep study data issue

The Women’s and Children’s Health Network (WCHN) has been notified by external software provider Compumedics of a cybersecurity incident involving the Women’s and Children’s Hospital.  

Technology provider Compumedics, provides sleep, brain and other monitoring applications. WCHN has taken immediate action to remove the Compumedics software and related devices from the network.

WCHN is assisting Compumedics to contact patients that been targeted in the cyber security leak.

The only people identified as being impacted are child and adult patients that have participated in a sleep study at Women’s and Children’s Hospital since 2018. 

The letter to affected patients from Compumedics with an attached cover letter from WCHN can be accessed below:

How do I know if I have been impacted?

Impacted patients or parents of impacted patients will be contacted by email, letter or phone call if they have been affected. If you have not been contacted, you do not have to take any action.

Are other hospitals affected?

Compumedics has not advised SA Health of any other affected sites. The Compumedics software is used for sleep trials and research and Electroencephalography (EEG) at Royal Adelaide Hospital, Flinders Medical Centre, Lyell McEwin Hospital, The Queen Elizabeth Hospital and Women’s and Children’s Hospital.

I am a patient at a hospital other than WCH. Am I affected?

Compumedics has not advised SA Health that other Local Health Networks or hospitals are affected by the cyber incident. However, as we remain disconnected from Compumedics software, this may impact the timing and method of any upcoming treatment or appointment you have as part of a sleep study. You will be contacted by the hospital if this does affect you.

What information was taken?

Compumedics is advising affected patients that: 

The types of information are: patient name, postal address, contact details, emergency contact information (phone and email), sleep trial results and some limited clinical study notes. This incident impacted Compumedics directly. It has not happened to or affected the hospital directly. Your medical record held by the Women's and Children's Hospital was not accessed, and no payment details or other information has been affected. 

What has happened to the information?

Compumedics has advised that:

On 22 March 2025, Compumedics became aware of suspicious activity involving its network which was caused by a ransomware attack. It immediately began an investigation and with the assistance of cyber security experts, successfully stopped unauthorised access to its systems on the same day and worked to contain the incident. Our investigation has confirmed that some of our files are likely to have been stolen and could be published on the dark web.

What should I do if I have been contacted and told I am or my child has been impacted?

If you have been affected, follow the advice in the Compumedics letter about protecting your personal information: 

Based on the information affected by the incident, we encourage you to remain vigilant to any suspicious activity and take the following precautionary steps:  

  • Be aware of email, telephone and text-based scams.  
  • Do not share your personal information with anyone unless you are confident about who you are sharing it with.
  • When on a webpage asking for your login credentials, take note of the web address or URL (‘Uniform Resource Locator’). The URL is located in the address bar of your web browser and typically starts with https://;  
  • If you are suspicious of the URL, do not provide your login details. Contact the entity through the usual channels to ensure you are logging into the correct web page. Neither Compumedics nor the Women's and Children's Hospital will ever contact you to ask for your username or password.
  • Enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media accounts.
  • Ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts.

If you need support and guidance with a cyber and identity related issue 

If you have been impacted by the incident, IDCARE can provide you with specialist support and guidance when faced with a cyber and identity related issue.

At no cost, you can contact the IDCARE Australian National Case Management Centre on:

  • 1800 595 160 (‍Mon – Fri 7.30am – 4.30pm ACST)
  • When you call, quote the code SAHCMHT2

If you are seeking more information about your data  

If you would like advice about which of your data that has been impacted, you can request access to a copy of the information they hold about you by calling 03 8420 7300 or emailing dataprotectionofficer@compumedics.com.au

If you have questions about patient care and treatment 

While the Women’s and Children’s Hospital does not have any further information about the data leak, we are available for questions that relate to your current treatment plan or if you need any other support to manage this incident. For information on your treatment plan or care, contact your treating team at WCH. 

If you have any other general questions 

For general questions about the incident, please contact the SA Health Compumedics Information Line on (08) 7111 3699 which is available 24/7.