Digital healthcare firm iRhythm Holdings disclosed a knowledge breach after hackers stole affected person private and well being data saved in enterprise purposes hosted by third events.
The corporate says its coronary heart monitoring service has been used to research greater than 2 billion hours of coronary heart price knowledge collected from greater than 12 million sufferers.
iRhythm mentioned in a submitting Monday with the U.S. Securities and Alternate Fee that it found the incident a day earlier, which prompted it to start an investigation with exterior cybersecurity consultants and activate a cybersecurity response plan to cease the breach.
It additional added that the attackers contacted them per week in the past, on June 9, and demanded a ransom to stop the stolen well being data from being printed on-line, however that the assault was not attributed to any particular attacker or extortion group.
“On June 9, 2026, we obtained a communication from an attacker claiming to have obtained delicate data, together with confidential knowledge, affected person protected well being data, and different private data. The communication from the menace actor requested cost in alternate for not publicly disclosing this data,” Airism mentioned.
“Since receiving the communication, we have now confirmed that sure knowledge was uncovered from these purposes. On June 10, 2026, we decided that this incident was important given the quantity of knowledge probably affected.”
The corporate additionally mentioned there was no proof that the incident impacted “the corporate’s merchandise, scientific or medical gadget techniques, affected person security, manufacturing and distribution operations, or monetary reporting techniques,” noting that the attackers accessed the information via social engineering.
iRhythm added that the corporate doesn’t retailer affected person cost card or monetary account data and that the breach didn’t contain any of its scientific or medical gadget techniques.
BleepingComputer reached out to an iRhythm spokesperson for additional questions in regards to the incident, together with how many individuals’s private and affected person knowledge was uncovered within the breach, however didn’t obtain a direct response.
Danish pharmaceutical large Novo Nordisk, the world’s largest insulin producer, additionally disclosed a knowledge breach final week after hackers stole affected person data from some scientific trials in an incident involving a breach of its inside IT techniques.
Safety groups doc 54% of profitable assaults and problem a warning on solely 14%. The remainder strikes invisibly via the setting.
Picus’ whitepaper reveals methods to take a look at your SIEM and EDR guidelines in breach and assault simulations to make sure threats go undetected.
Get the white paper
