iRhythm Holdings Reports Material Cybersecurity Incident, Data Exfiltrated
iRhythm Holdings, Inc. identified unauthorized activity on certain third-party-hosted business applications on June 8, 2026, leading to a material cybersecurity incident. A threat actor claimed to have exfiltrated sensitive information, including proprietary data, patient protected health information, and other personal information, demanding payment. The company confirmed data exfiltration and deemed the incident material on June 10, 2026, due to the volume of potentially affected data. Despite the breach, iRhythm has not identified any impact to its products, clinical systems, patient safety, operations, or financial reporting, and believes the incident is not reasonably likely to materially impact its financial condition or results of operations.
Key Highlights
- iRhythm Holdings identified unauthorized activity on third-party-hosted business applications on June 8, 2026.
- Threat actor claimed to have obtained sensitive information, including patient protected health information, on June 9, 2026.
- Company confirmed data exfiltration and determined the incident was material on June 10, 2026.
- No identified impact to products, clinical systems, patient safety, manufacturing, distribution, or financial reporting.
- Affected data was obtained through social engineering from third-party-hosted business applications.
- Company does not store individual financial account information or payment card information.
- Incident not reasonably likely to have a material impact on financial condition or results of operations.
- Company maintains cybersecurity insurance that may cover certain losses.
Price Impact
More from IRTC