Compumedics sleep study data issue

The Women’s and Children’s Health Network (WCHN) has been notified by external software provider Compumedics of a cybersecurity incident involving the Women’s and Children’s Hospital.

Technology provider Compumedics, provides sleep, brain and other monitoring applications. WCHN has taken immediate action to remove the Compumedics software and related devices from the network.

WCHN is assisting Compumedics to contact patients that been targeted in the cyber security leak.

The only people identified as being impacted are child and adult patients that have participated in a sleep study at Women’s and Children’s Hospital since 2018.

The letter to affected patients from Compumedics with an attached cover letter from WCHN can be accessed below:

Compumedics letter: Notice of a cybersecurity incident affecting your information (PDF 2MB).

How do I know if I have been impacted?

Impacted patients or parents of impacted patients will be contacted by email, letter or phone call if they have been affected. If you have not been contacted, you do not have to take any action.

Are other hospitals affected?

Compumedics has not advised SA Health of any other affected sites. The Compumedics software is used for sleep trials and research and Electroencephalography (EEG) at Royal Adelaide Hospital, Flinders Medical Centre, Lyell McEwin Hospital, The Queen Elizabeth Hospital and Women’s and Children’s Hospital.

I am a patient at a hospital other than WCH. Am I affected?

Compumedics has not advised SA Health that other Local Health Networks or hospitals are affected by the cyber incident. However, as we remain disconnected from Compumedics software, this may impact the timing and method of any upcoming treatment or appointment you have as part of a sleep study. You will be contacted by the hospital if this does affect you.

What information was taken?

Compumedics is advising affected patients that:

The types of information are: patient name, postal address, contact details, emergency contact information (phone and email), sleep trial results and some limited clinical study notes. This incident impacted Compumedics directly. It has not happened to or affected the hospital directly. Your medical record held by the Women's and Children's Hospital was not accessed, and no payment details or other information has been affected.

What has happened to the information?

Compumedics has advised that:

On 22 March 2025, Compumedics became aware of suspicious activity involving its network which was caused by a ransomware attack. It immediately began an investigation and with the assistance of cyber security experts, successfully stopped unauthorised access to its systems on the same day and worked to contain the incident. Our investigation has confirmed that some of our files are likely to have been stolen and could be published on the dark web.

What should I do if I have been contacted and told I am or my child has been impacted?

If you have been affected, follow the advice in the Compumedics letter about protecting your personal information:

Based on the information affected by the incident, we encourage you to remain vigilant to any suspicious activity and take the following precautionary steps:

Be aware of email, telephone and text-based scams.
Do not share your personal information with anyone unless you are confident about who you are sharing it with.
When on a webpage asking for your login credentials, take note of the web address or URL (‘Uniform Resource Locator’). The URL is located in the address bar of your web browser and typically starts with https://;
If you are suspicious of the URL, do not provide your login details. Contact the entity through the usual channels to ensure you are logging into the correct web page. Neither Compumedics nor the Women's and Children's Hospital will ever contact you to ask for your username or password.
Enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media accounts.
Ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts.

If you need support and guidance with a cyber and identity related issue

If you have been impacted by the incident, IDCARE can provide you with specialist support and guidance when faced with a cyber and identity related issue.

At no cost, you can contact the IDCARE Australian National Case Management Centre on:

1800 595 160 (‍Mon – Fri 7.30am – 4.30pm ACST)
When you call, quote the code SAHCMHT2.

If you are seeking more information about your data

If you would like advice about which of your data that has been impacted, you can request access to a copy of the information they hold about you by calling 03 8420 7300 or emailing dataprotectionofficer@compumedics.com.au.

If you have questions about patient care and treatment

While the Women’s and Children’s Hospital does not have any further information about the data leak, we are available for questions that relate to your current treatment plan or if you need any other support to manage this incident. For information on your treatment plan or care, contact your treating team at WCH.

If you have any other general questions

For general questions about the incident, please contact the SA Health Compumedics Information Line on (08) 7111 3699 which is available 24/7.

Use of the information and data contained within this site or these pages is at your sole risk.
If you rely on the information on this site you are responsible for ensuring by independent verification its accuracy, currency or completeness.
This site includes links to other websites operated by community, business and government.
These linked websites will have their own terms and conditions of use and you should familiarise yourself with these.
All linked websites are linked 'as is' and the Government of South Australia:
- does not sponsor, endorse or necessarily approve of any material on websites linked from or to this Site;
- does not make any warranties or representations regarding the quality, accuracy, merchantability or fitness for purpose of any material on websites linked from or to this Site;
- does not make any warranties or representations that material on other websites to which this site is linked does not infringe the intellectual property rights of any person anywhere in the world; and
- does not authorise the infringement of any intellectual property rights contained in material in other websites by linking this site to those other websites.
If you use automatic language translation services in connection with this site you do so at your own risk.
The information and data on this site is subject to change without notice. The Government of South Australia may revise this disclaimer at any time by updating this posting.
The Government of South Australia, its agents, instrumentalities, officers and employees:
- make no representations, express or implied, as to the accuracy of the information and data contained on this site
- make no representations, express or implied, as to the accuracy or usefulness of any translation of the information on this site or any linked website into another language
- make no representations as to the availability of the site and the availability of websites linked from or to the site
- accept no liability however arising for any loss resulting from the use of the site and any information and data or reliance placed on it (including translated information and data)
- make no representations, either expressed or implied, as to the suitability of the said information and data for any particular purpose
- accepts no liability for any interference with or damage to a user's computer, software or data occurring in connection with or relating to this Site or its use or any website linked to this site
- do not represent or warrant that applications or payments initiated through this site will in fact be received or made to the intended recipient. Users are advised to confirm the application or payment by other means.

Privacy http://www.sahealth.sa.gov.au/wps/wcm/connect/public+content/sa+health+internet/about+us/website+information/privacy

Copyright http://www.sahealth.sa.gov.au/wps/wcm/connect/public+content/sa+health+internet/about+us/website+information/copyright

Disclaimer http://www.sahealth.sa.gov.au/wps/wcm/connect/public+content/sa+health+internet/about+us/website+information/disclaimer

Last updated: 09 May 2025