THE article discusses a data breach affecting iRhythm, a cardiac monitoring provider, where sensitive patient data, including personal health information (PHI), was stolen and held for ransom. The breach was reported to the SEC after iRhythm was contacted by an extortionist on June 9, 2026, demanding payment to avoid releasing the data. iRhythm claims the data was accessed via social engineering and is linked to third-party-hosted applications.
While no financial information was reportedly compromised, the breach poses significant risks, such as medical identity theft and increased phishing attempts targeting affected patients. iRhythm has committed to notifying those impacted as per legal requirements and outlined precautionary measures for patients, such as verifying communications, changing passwords, and monitoring for suspicious activity.