Bangor, Maine-based Northern Light Health is notifying patients that a third-party vendor experienced a data breach that may have exposed protected health information related to sleep study services.
Compumedics, a provider of diagnostic and research technologies for sleep disorders, informed Northern Light Health that an unauthorized party gained access to its systems and may have viewed or copied patient data between Feb. 15 and March 23.
The breach affected patients who received or were scheduled for sleep studies at three Northern Light facilities: Eastern Maine Medical Center, AR Gould Hospital, and Sebasticook Valley Hospital, the health system said in a June 27 statement.
The exposed data may include patient names, birth dates, demographic details, allergies, medical record numbers, dates and locations of sleep studies, and test results. Northern Light Health said there is no evidence that Social Security numbers, health insurance, or financial data were compromised.
Northern Light Health emphasized that its own IT systems were not affected and that it is working closely with Compumedics to address the breach.
Patients who underwent or were scheduled for sleep studies at the affected hospitals between July 15, 2019, and March 20, 2025, may be impacted. Compumedics began mailing individual notices to affected patients on June 27.
