Overview
- iRhythm detected unauthorized activity on June 8 and activated its cybersecurity response team and external investigators to contain the incident.
- A threat actor contacted the company on June 9 and demanded payment while iRhythm confirmed on June 10 that certain data had been exfiltrated and the incident was material.
- Company filings say attackers used social engineering to hit certain third‑party‑hosted business applications and that the intrusion did not affect clinical or medical device systems or patient safety.
- iRhythm processes data from more than 12 million patients and says it has analyzed over two billion hours of heartbeat recordings, so stolen health or personal records could create phishing, identity theft, and insurance‑fraud risks for many people.
- Investigators have not disclosed how many records or which vendor apps were affected, no extortion group has claimed responsibility, and iRhythm says cyber insurance may cover some costs while statutory patient and regulator notifications proceed.