April 18, 2026 Cyber Trends
A recent breach at a medical-equipment provider compromised data of over 90,000 patients. The incident shows how vulnerabilities in device-based vendors directly threaten both operational integrity and patient privacy.
The breach targeted CPAP Medical Supplies and Services, Inc., a Florida-based provider of sleep therapy equipment, including CPAP machines, which are widely used in hospitals and clinics.
Cyberattackers gained network access between December 13 and 21, 2024. It was not until June 27, 2025, that the forensic investigation concluded that the compromised data included full names, dates of birth, Social Security numbers, financial/banking details, and medical and health insurance information.
Approximately 90,133 patients were affected. The provider has since offered complimentary credit and identity monitoring services as precautionary measures.
The CPAP breach is just the latest reminder that medical devices and their supporting vendors remain a prime attack vector. From sleep therapy equipment to infusion pumps and imaging systems, vulnerabilities in connected devices put both patients and providers at risk.
For a deeper dive into how these risks are expanding—and what healthcare organizations can do to protect clinical and operational environments—check out our 2025 CPS Risk Exposure Report. This report delivers actionable insights into the evolving cyber-physical systems (CPS) threat landscape and offers practical strategies for reducing risk, improving resilience, and safeguarding patient trust.