Healthcare Firm iRhythm Confirms Stolen Data in Cyberattack

Keerthana S June 22, 2026 | 02:03 PM Technology

Digital healthcare company iRhythm has disclosed a cybersecurity incident that resulted in the theft of sensitive information, including data that may contain patient health records and proprietary business information.

The company, best known for its Zio wearable ECG monitoring technology, revealed the breach in a filing with the U.S. Securities and Exchange Commission (SEC). According to iRhythm, suspicious activity involving data stored within certain third-party-hosted business applications was detected on June 8.

Figure 1. iRhythm Healthcare Firm.

Initial findings indicate that the attack involved social engineering techniques, although the company has not identified the specific application that was targeted. A day after the intrusion was discovered, a threat actor contacted iRhythm claiming responsibility for the attack and asserting that sensitive data had been exfiltrated from company systems.

The attacker allegedly obtained proprietary corporate information as well as protected health information (PHI) belonging to patients. The threat actor also demanded a ransom in exchange for not publicly releasing the stolen data.

iRhythm has engaged external cybersecurity specialists to investigate the incident and assess its impact. While the company has confirmed that data was stolen, it has not yet verified whether the threat actor's claims accurately reflect the scope or nature of the compromised information. Figure 1 shows iRhythm healthcare firm.

The ongoing investigation aims to determine how many individuals may have been affected, what categories of information were exposed, and the total volume of data involved.

Importantly, iRhythm stated that the breach did not impact its clinical or medical device systems, patient monitoring services, manufacturing operations, distribution networks, or financial reporting infrastructure [1]. The company also emphasized that it does not store customers' financial account details or payment card information within the affected environment.

“The incident does not involve the Company's clinical or medical device systems or connections to customers,” iRhythm noted in its SEC filing, highlighting that patient care and operational continuity remain unaffected.

At this stage, no known ransomware or extortion group has publicly claimed responsibility for the attack. It also remains unclear whether iRhythm has engaged in negotiations with the threat actor or considered paying the ransom demand.

As healthcare organizations continue to face increasing cyber threats, the incident underscores the risks posed by social engineering attacks and third-party business applications that may provide attackers with access to sensitive corporate and patient data.

Reference:

  1. https://www.securityweek.com/irhythm-confirms-data-stolen-in-hack/

Cite this article:

Keerthana S (2026), Healthcare Firm iRhythm Confirms Stolen Data in Cyberattack, AnaTechMaz, pp.194

Recent Post

Blog Archive