← All filing news
otherIRTC

iRhythm reports data exfiltration incident affecting third-party applications

iRhythm identified unauthorized activity on June 8, 2026 involving data on certain third-party-hosted business applications and received extortion demands from a threat actor on June 9, 2026. The company confirmed data exfiltration on June 10, 2026 and determined the incident material, though it stated the breach did not affect its medical devices, clinical systems, or patient safety. The company said it has not identified evidence of ongoing unauthorized access and believes the incident is not reasonably likely to have a material impact on financial condition or results of operations.

iRhythm Holdings, Inc. · CIK 1388658 ·

Key facts

  • Unauthorized activity identified June 8, 2026 on third-party-hosted business applications
  • Threat actor demanded payment in exchange for not disclosing sensitive information on June 9, 2026
  • Data exfiltrated included proprietary data, patient protected health information, and other personal information
  • Incident determined material in light of volume of potentially affected data on June 10, 2026
  • Company confirmed affected data obtained through social engineering
  • No impact identified to products, clinical or medical device systems, patient safety, manufacturing and distribution operations, or financial reporting systems
  • Company maintains cybersecurity insurance that may cover certain losses associated with the incident
  • No evidence of ongoing unauthorized access identified as of Form 8-K filing date

Why it matters

iRhythm's disclosure that the breach involved patient protected health information and proprietary data signals potential regulatory liability and customer notification obligations under healthcare privacy laws, though the company's assessment that medical devices and clinical systems were not affected may limit operational and patient-safety consequences.

Share

Track iRhythm Holdings, Inc. →

Get the next chapter in your inbox — a Sentinel watches this company and briefs the next material filing the moment it lands.

Derived from 8-K filed 2026-06-15. Not investment advice. View the source filing on SEC.gov →