Medical device manufacturer Compumedics Limited reports ransomware attack

Compumedics Limited, a medical device company specializing in diagnostics technology for sleep, brain, and ultrasonic blood-flow monitoring applications, is reporting a ransomware attack. 

The incident was discovered after unusual activity was detected in the company's IT network, impacting data systems in both Australia and the United States of America. 

Compumedics took steps to contain and remediate the incident, taking all servers offline as a precautionary measure. Australian servers are now being systematically restored after security verification. Some customers of Nexus360, their web-based patient data and Lab Management System providing integrated hardware and software solutions for Sleep and Neurology clinics, are still experiencing service disruptions.

The company has initiated an independent forensic investigation to determine the full scope of the incident, its impact on customer data including patient reports, and to ensure system security before resuming normal operations. Compumedics has also filed a report with the Australian Cyber Security Centre (part of the Australian Signals Directorate) and is evaluating what additional notifications may be required as the investigation progresses.

The attack has been attributed to VanHelsing gang, a ransomware-as-a-service operation. VanHelsing shared limited details about the breach along with a countdown to publication of the allegedly stolen data. The threat actors claim to have obtained:

• Passport scans belonging to staff in the company's U.S. office
• Credit application forms
• Product and testing data
• Purchase orders
• Other employee data

The number of affected individuals is not disclosed. 

Compumedics has emphasized that while the investigation is ongoing, their business operations remain largely unaffected, with the primary issue being service disruptions for some Nexus360 customers.