DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected

Posted on June 27, 2025 by Dissent

Leela Stockley reports that a data security incident at a Northern Light Health vendor may have compromised some patients’ information.

The vendor, Compumedics, provides sleep disorder diagnostic services for health system patients seen at Northern Light Eastern Maine Medical Center, Northern Light AR Gould, and Northern Light Sebasticook Valley Hospital.

No report has appeared yet on HHS’s public breach tool for this incident under either Compumedics’ name or Northern Light Health’s name. However, on May 8, Compumedics submitted a report to the Massachusetts Attorney General, indicating that 7 Massachusetts residents were affected by the incident. Their report, however, did not indicate that medical records or information was involved, and from their notification, that particular notification may have been directed at employees because it tells recipients that the information involved included names “in combination with your Social Security number and/or bank account number used for direct deposit.”  Compumedics’ report to the Maine Attorney General, filed the same day, was identical and failed to report the total number of people affected by the incident. It only reported that 4 Maine residents were affected.

An undated notice on Compumedics’ website provides additional details, however, including that the intrusion occurred between February 15 and March 23, and was first detected on March 22, 2025. Files were accessed or exfiltrated during the incident. They do not say how the intruder gained access or whether there has been any extortion demand. Health care provider clients whose patients were involved were notified on April 29, 2025.

Compumedics states that files contained names, dates of birth, demographic information, medical record numbers, treatment and diagnosis information, dates of treatment, provider names, and sleep study details and results. For a subset of the individuals whose information was involved, the files may have also contained their Social Security numbers and/or health insurance information.  Officials at Northern Light Health told the Bangor Daily News that they do not believe their patients’ SSN, or health insurance, or financial  information was involved.

Compumedics identified the following providers (clients) whose patients were involved in this incident:

  • Bermuda Sleep & Signature Services / Hope Healthcare;
  • Bronson Healthcare Group;
  • Chest Medicine Associates PA;
  • Billings Clinic;
  • Davis Medical Center;
  • Northern Light Ar Gould;
  • Northern Light Eastern Maine Medical Center;
  • Northern Light Sebasticook Valley Hospital;
  • VCU Health System Authority; and
  • Vitalcare Family Practice
DataBreaches has not seen any notices on those entities’ websites about any incident. Nor do their names appear on HHS’s breach tool as of publication today.

Related posts:

  • Updating: CaptureRx incident impacted more than 2.4 million. List of Entities.
Category: Breach IncidentsHackHealth DataU.S.

Post navigation

← Privacy commissioner reviewing reported Ontario Health atHome data breach
Alert: Scattered Spider has added North American airline and transportation organizations to their target list →

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.