iRhythm discloses data breach, says hackers stole patient info
by Sergiu Gatlan · BleepingComputerDigital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients' personal and health information stored on third-party-hosted business applications.
The company says its cardiac monitoring service has been used to analyze more than 2 billion hours of curated heartbeat data from over 12 million patients.
In a filing with the U.S. Securities and Exchange Commission (SEC) on Monday, iRhythm said it discovered the incident one day earlier, prompting it to launch an investigation with external cybersecurity experts and activate its cybersecurity response plan to contain the breach.
It added that the attackers reached out one week ago, on June 9, demanding a ransom to prevent the disclosure of stolen health information online, but didn't attribute the attack to a specific threat actor or extortion group.
"On June 9, 2026, the Company received communications from a threat actor claiming to have obtained sensitive information, including proprietary data, patient protected health information and other personal information. The communications from the threat actor demanded payment in exchange for not publicly disclosing this information," iRhythm said.
"Since receipt of the communications, the Company has confirmed that certain data was exfiltrated from those applications. On June 10, 2026, the Company determined that the incident is material in light of the volume of the potentially affected data."
The company also stated that it has no evidence that the incident has affected "its products, clinical or medical device systems, patient safety, manufacturing and distribution operations, financial reporting systems," and noted that the threat actors gained access to the data through social engineering.
iRhythm added that it does not store patients' payment card or financial account information, and that the breach does not involve its clinical or medical device systems.
BleepingComputer reached out to an iRhythm spokesperson with further questions about the incident, including how many individuals had their personal and patient data exposed in the breach, but a response was not immediately available.
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, also disclosed a data breach last week after hackers stole patient information from some clinical trials in an incident involving compromised internal IT systems.
Test every layer before attackers do
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.