On June 8, 2026, iRhythm detected unauthorized activity involving data stored on certain third-party-hosted business applications. The attack involved social engineering, leading to a data breach with confirmed theft of some information. Attackers demanded ransom to prevent leaking stolen proprietary and patient health data. iRhythm stated that its clinical and medical device systems, manufacturing and distribution operations, patient safety, and financial reporting systems were not impacted. The company is still assessing the scope and impact of the breach and has engaged external cybersecurity experts for investigation. No ransomware or extortion group has claimed responsibility, and it is unclear if a ransom was paid.

The breach resulted in confirmed theft of some data, including potentially sensitive proprietary information and protected health information of patients. However, critical systems related to clinical operations, medical devices, manufacturing, distribution, patient safety, and financial reporting were not affected. The full extent of data compromised and the number of affected individuals remain undetermined. The incident poses a medium severity risk due to exposure of sensitive health data and proprietary information, with potential privacy and reputational impacts.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. iRhythm is actively investigating the breach with external cybersecurity experts. Since the attack involved social engineering targeting third-party-hosted business applications, organizations should review and strengthen social engineering defenses and third-party access controls. No specific patch or fix has been announced by the vendor. The company has stated that critical clinical and device systems were not impacted.