IRHYTHM has confirmed that attackers gained access to patient data through a social engineering scheme and are now demanding a ransom to prevent the information from being released.
The breach involved unauthorised entry to third‑party hosted business applications that store personal health information, according to the company’s filing with the SEC.
iRhythm said the compromised data includes names, contact details and medical histories but does not appear to contain financial identifiers or payment card information.
The extortion attempt was first reported to the regulator on 9 June 2026 and the company is working with external forensic investigators and law enforcement to assess the scope of the leak.
For individuals whose data may have been taken, iRhythm advises checking any unexpected communications that claim to be from the clinic and monitoring medical insurance statements for signs of fraud.
Organisations should review the security of any third‑party platforms they use, enforce multi‑factor authentication on all remote access points and run regular phishing simulation exercises to reduce the chance of a successful social engineering attack.