iRhythm discloses data breach, hackers steal patient info

iRhythm Holdings, a digital healthcare company, disclosed a data breach after unauthorized access to patient information. The intrusion targeted data stored on third-party-hosted business applications, exposing both personal and health-related details.

While the exact number of affected individuals has not been disclosed, the breach involves sensitive patient data. iRhythm has not yet confirmed active exploitation beyond the initial access, but the nature of the stolen information elevates the severity for impacted patients.

Attackers gained entry through third-party-hosted business applications used by iRhythm, according to the company's disclosure. No specific attack vector or exploit mechanisms were detailed, nor have indicators of compromise been publicly shared. The firm has not released a timeline for when the breach occurred or when it was detected.

iRhythm stated it is working to secure its systems and has begun notifying affected patients. The company has not announced patches or specific remediation steps beyond the ongoing investigation. Patients are advised to monitor accounts for suspicious activity.

Attribution for the breach remains unknown. iRhythm has not linked the incident to any known threat group or broader hacking campaign, leaving the risk landscape unclear for similar healthcare firms relying on third-party app integrations.