SA Health has notified patients involved in sleep studies at the Adelaide Women’s and Children’s Hospital that some of their information may have been stolen in a cyberattack against a technology provider.
The agency said the third-party provider, Compumedics, was impacted by a ransomware attack back in March, in which “some … files are likely to have been stolen” and could wind up on the dark web.
The stolen data included “patient name, postal address, contact details, emergency contact information (phone and email), sleep trial results and some limited clinical study notes”, SA Health said.
SA Health said the incident “impacted Compumedics directly” and “has not happened to or affected the hospital directly.”
As a result, medical records “held by the Women’s and Children’s Hospital were not accessed, and no payment details or other information have been affected,” the agency noted.
Compumedics said in a letter [pdf] to impacted patients that it was contracted to provide software “to support sleep, brain and ultrasonic blood flow monitoring applications” at the hospital.
The vendor said it had engaged third-party cyber security assistance to work on containment and communication of the incident.
It had also notified relevant authorities and regulators in Australia.