iRhythm Holdings confirms that data is stolen in a cyberattack, after the company discloses a breach affecting patient information. According to reporting, iRhythm says it learned of the incident on June 8, when the company became aware of unauthorized access connected to its business applications hosted by a third party. The company states that attackers accessed and stole personal and health information stored in those third-party-hosted systems.
Multiple outlets report that the attackers also demand a ransom as part of the incident. The disclosures indicate iRhythm is communicating about the nature of the compromised data and the timing of when it discovered the breach, while describing the involvement of third-party-hosted applications.
The company’s statements focus on confirming that data was taken and characterizing the types of patient information involved. The reports do not provide additional confirmed details in the provided excerpts about the specific systems affected, the scope of the impacted individuals, or whether law enforcement has been contacted.
