Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

IRhythm patient data exfiltration from third-party business applications

Data Leak
First reported
Last updated
Happening score
H score 34
1 unique sources, 1 articles

Summary

Hide ▲

iRhythm Holdings disclosed a data breach after attackers exfiltrated patients' personal and health information from third-party-hosted business applications, creating a public-disclosure risk for sensitive medical records. A threat actor contacted the company on June 9, 2026 demanding payment to suppress publication, and the breach was deemed material on June 10, 2026. The exposed information included proprietary data and other personal information, while the company said its clinical or medical device systems were not affected.

Related Happenings

IRhythm Holdings hit by cyberattack

Incident
H score31 First: 16.06.2026 09:31 Last: 16.06.2026 09:31 Sources 1

How related: Digital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients' personal and health information stored on third-party-hosted business applications.

About this happening: **iRhythm Holdings** disclosed a **data breach** after attackers stole **patients' personal and health information** from **third-party-hosted business applications**, creating ma...

Open Happening

Timeline

  1. 16.06.2026 09:31 1 articles · 2h ago

    Threat actor demands payment to suppress iRhythm patient data

    Exploitation Observed

    On June 9, 2026, a threat actor told iRhythm Holdings it had obtained sensitive information, including proprietary data, patient protected health information and other personal information, and demanded payment in exchange for not publicly disclosing it; the access path involved social engineering.

    Show sources
    Open in new tab
  2. 16.06.2026 09:31 2 articles · 2h ago

    iRhythm confirms exfiltration of patient health information

    Victim Impact Update

    On June 10, 2026, iRhythm Holdings determined the incident was material in light of the volume of the potentially affected data and confirmed that certain data had been exfiltrated from third-party-hosted business applications.

    Show sources
    Open in new tab
  3. 16.06.2026 09:31 1 articles · 2h ago

    iRhythm Holdings discloses a data breach in SEC filing

    Initial Disclosure

    iRhythm Holdings disclosed the breach in an SEC filing, saying it discovered the incident one day earlier, launched an investigation with external cybersecurity experts and activated its cybersecurity response plan to contain the breach.

    Show sources
    Open in new tab