South Australia Health confirmed on Thursday the breach of data impacted patients at the Women’s and Children’s Hospital in Adelaide.

A letter sent by technology provider Compumedics revealed the cyber attack took place on March 22 and the data of patients dating back to 2018 had been accessed.

More than 2200 patients were “likely to have been among those impacted”, according to SA Health.

Chief executive Dr Robyn Lawrence said the breach “impacted Compumedics software directly and there is no evidence of a breach of any SA Health operated IT system”.

“As soon as Compumedics revealed the initial national ransomware attack we took immediate action to suspend access to the Compumedics software and related devices from our network,” she said.

“Now as soon as we have been made aware that South Australian sleep study patients are likely to be affected, we have taken immediate action to verify that information, notify patients and the public.”

Compumedics was contracted by SA Health to provide sleep, brain and other monitoring applications.

“WCHN has taken immediate action to remove the Compumedics software and related devices from the network,” SA Health said in a statement.

Compumedics director David Lawson said in a letter to patients the company worked to contain data on the day of the breach but “some of our files are likely to have been stolen and could be published on the dark web”.

“We sincerely apologise that this incident happened and any impact on you and thank you for your understanding as we continue to work to respond,” he wrote.

Dr Lawrence said during a press conference it was “incredibly disappointing that a third-party provider’s security systems were not sufficient to protect our patients’ data from outside access”.

Medical records and payment details held by the hospital were not accessed, but some “clinical study notes” were leaked.

Originally published as ‘Dark web’: Major data breach for Aussie sleep study patients