IRHYTHM Technologies, a U.S. digital healthcare company, reported a cyberattack that resulted in stolen patient and proprietary data, accompanied by a ransom demand. The attack was disclosed in a SEC Form 8-K on June 10, 2026, identifying unauthorized activity involving data from third-party-hosted applications. On June 9, iRhythm received an extortion demand from a threat actor claiming to possess sensitive information.
The company confirmed the breach but stated that clinical systems and patient safety were not compromised, and no financial data was involved. An investigation is ongoing, and it remains unclear if negotiations with the attacker have taken place.