Skip to content
Tech News
← Back to articles

iRhythm discloses data breach, says hackers stole patient info

2026-06-16 | original
read original get iRhythm Data Security Kit → more articles
Why This Matters

The iRhythm data breach highlights the ongoing cybersecurity risks facing digital healthcare providers, especially concerning the protection of sensitive patient data. As healthcare data becomes increasingly targeted, this incident underscores the need for robust security measures to safeguard personal health information and maintain patient trust in digital health services.

Key Takeaways

Digital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients' personal and health information stored on third-party-hosted business applications.

The company says its cardiac monitoring service has been used to analyze more than 2 billion hours of curated heartbeat data from over 12 million patients.

In a filing with the U.S. Securities and Exchange Commission (SEC) on Monday, iRhythm said it discovered the incident one day earlier, prompting it to launch an investigation with external cybersecurity experts and activate its cybersecurity response plan to contain the breach.

It added that the attackers reached out one week ago, on June 9, demanding a ransom to prevent the disclosure of stolen health information online, but didn't attribute the attack to a specific threat actor or extortion group.

"On June 9, 2026, the Company received communications from a threat actor claiming to have obtained sensitive information, including proprietary data, patient protected health information and other personal information. The communications from the threat actor demanded payment in exchange for not publicly disclosing this information," iRhythm said.

"Since receipt of the communications, the Company has confirmed that certain data was exfiltrated from those applications. On June 10, 2026, the Company determined that the incident is material in light of the volume of the potentially affected data."

The company also stated that it has no evidence that the incident has affected "its products, clinical or medical device systems, patient safety, manufacturing and distribution operations, financial reporting systems," and noted that the threat actors gained access to the data through social engineering.

iRhythm added that it does not store patients' payment card or financial account information, and that the breach does not involve its clinical or medical device systems.

BleepingComputer reached out to an iRhythm spokesperson with further questions about the incident, including how many individuals had their personal and patient data exposed in the breach, but a response was not immediately available.

Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, also disclosed a data breach last week after hackers stole patient information from some clinical trials in an incident involving compromised internal IT systems.

Explore topics: irhythm sec cybersecurity patient data data breach
Related:
Cybersecurity Vets Protest 'Dangerous' US Government Ban On Anthropic's Most Powerful Models
Nvidia plans to raise at least $20 billion in its first debt sale since start of AI boom
Opinion | Notable & Quotable: Nix on X
Judge Dismisses Elon Musk’s xAI Trade-Secret Lawsuit Against OpenAI
Nvidia plans to raise at least $20 billion in first debt sale since start of AI boom

© 2026 GoKawiil

About | Editorial Policy | Contact