Northern Light Health patient data exposed in ransomware attack on third-party vendor
Learn More
Northern Light Health is notifying patients that their personal information may have been compromised in the ransomware attack against Compumedics, a third-party vendor that provides diagnostic and research technology for sleep disorders.
The cyberattack was claimed by the VanHelsing ransomware group and affected at least 10 healthcare entities worldwide. For Northern Light Health, the breach affected patients who received sleep disorder diagnostic services between July 15, 2019, and March 20, 2025 at:
- Northern Light Eastern Maine Medical Center,
- Northern Light AR Gould,
- Northern Light Sebasticook Valley Hospital
The compromised patient information includes:
- Names
- Dates of birth
- Demographic information (addresses, contact details)
- Medical record numbers
- Treatment and diagnosis information
- Dates of treatment
- Provider names
- Sleep study details and test results
- Emergency contact information
The number of affected individuals is not disclosed.
Compumedics notified its healthcare provider clients about the incident on April 29, 2025, approximately five weeks after discovering the breach. Patient notification letters began being mailed on June 27, 2025, more than three months after the initial discovery of the breach.
The company has established a dedicated helpline at 1-877-841-3302, available Monday through Friday from 9:00 a.m. to 9:00 p.m. Eastern Time, to address patient questions and concerns about the incident. No free credit monitoring or identity protection services have been offered to affected patients.
