iRhythm Discloses Data Breach After Patient Info Stolen
Digital healthcare company iRhythm has announced a data breach after cyberattackers stole patient data stored on third-party applications. The breach is said to have affected nearly 150,000 people.
What Happened
iRhythm, a digital healthcare services company known for its cardiac monitoring technologies, has publicly disclosed a serious data breach. According to an official notification filed with the Maine Attorney General's Office, cyberattackers accessed the sensitive personal and medical information of approximately 148,819 patients. This development once again highlights how valuable and targeted health data has become.
iRhythm is known for its Zio service, which monitors patients' heart rhythms through wearable sensors and cloud-based data analysis. The fact that the company handles such critical health data further increases the severity of the breach. The incident occurred as a result of unauthorized access to business applications used by the company and hosted by a third party. This also underscores the significant risk posed by supply chain vulnerabilities in cybersecurity. Even if a company's own infrastructure is not directly targeted, a security flaw in the systems of its partners or service providers can create a domino effect, leading to the leakage of data from thousands of patients.
According to the company's statement, the data breach actually occurred late last year. However, it took months to detect, investigate, and fully understand the impact of the event. Such comprehensive investigations involve digital forensics experts determining how the system was accessed, what data was compromised, and how long the attackers remained active in the system. The length of this process often depends on the complexity of the attack and how scattered the digital footprints are. iRhythm stated that it began the process of notifying affected individuals after the investigation was complete. However, such a delay gives attackers a significant window of opportunity to misuse the stolen data.
The Data That Was Compromised
The list of data obtained by the attackers reveals the gravity of the situation. This is not just a leak of a name and email list; it contains extremely sensitive information that can be used for identity theft, fraud, and even blackmail. According to the company's notification, the types of stolen data include:
- Personally Identifiable Information (PII): Patients' full names, dates of birth, and, most importantly, Social Security Numbers (SSNs). This combination of three pieces of information is sufficient for identity theft activities such as opening new credit cards, creating bank accounts, or filing fraudulent tax returns in a person's name. As the SSN is the primary identification tool used in almost all official transactions in the US, its leakage is one of the most dangerous types of data theft.
- Financial Information: The notification mentions "financial account information." This could include data such as bank account numbers, credit card details, or payment histories. This information can be used for direct financial fraud and carries the risk of victims' accounts being drained.
- Protected Health Information (PHI): This category is perhaps the most concerning. The stolen data includes patients' medical diagnoses, treatments they have received, and their health insurance information. This type of information is extremely private and can be used by malicious actors in various ways. For example, using a patient's specific diagnosis, highly convincing phishing attacks can be crafted, such as, "There is an issue with your treatment, you need to make an urgent payment." Furthermore, such sensitive information can also be used as a tool to blackmail individuals.
The combination of this data is a treasure trove for cybercriminals. The collection of identity, financial, and health information in a single package lays the groundwork for both immediate fraud and long-term identity theft. Attackers can sell these data sets on dark web marketplaces or use them to conduct more complex fraud operations themselves.
How the Attack Happened
According to iRhythm's statements, the attack was not directed at the company's own systems but at business applications hosted by a third-party provider it uses. The attackers gained unauthorized access to this external platform. The company has not yet shared any technical details about the attack, the vulnerability that was exploited, or the identity of the attackers. In such cases, companies often prefer to keep technical details confidential, usually due to an ongoing law enforcement investigation.
Based on the shared timeline, the unauthorized access occurred between September 1, 2025, and October 24, 2025. The company stated that it detected the suspicious activity on October 24, 2025, and immediately launched an investigation. During this investigation, they enlisted the help of third-party cybersecurity firms specializing in such incidents to understand the scope and impact of the event. The investigation concluded on May 1, 2026, at which point it was definitively determined which patient data had been leaked.
This timeline also explains why there was a nearly eight-month gap between the detection of the attack and the notification of affected individuals. Forensic analysis, examination of log records, and determining the scope of the leaked data are very time-consuming processes. However, this long waiting period means that the victims were unaware they were at risk.
Who Is Affected
Those directly affected by the data breach are patients who are currently using or have previously used iRhythm's cardiac monitoring services. According to the official notification filed with the Maine Attorney General, exactly 148,819 individuals were affected by this breach. This number represents the count of people whose data the company's investigation found to have been accessed without authorization.
It is understood that the affected individuals are those who used the company's products, such as Zio, and shared their personal, financial, and medical information with the company in the process. These patients now have to face the reality that their data may be in the hands of cybercriminals. The company began sending notification letters to all affected individuals on June 14, 2026.
What You Can Do
If you have received a notification letter from iRhythm or have used the company's services in the past, you should act immediately, assuming your data may be at risk. Here are the steps you can take:
- Activate the Free Service Offered by the Company: iRhythm is offering victims 12 months of free credit monitoring and identity theft protection services through Experian. The notification letter will contain instructions on how to activate this service. You should absolutely use this service. It will promptly notify you of suspicious activity, such as a new account opened in your name appearing on your credit report.
- Be Vigilant Against Phishing Attacks: Attackers now possess very specific information about you. You may receive highly convincing emails, text messages, or phone calls crafted with your medical diagnosis, treatment history, and insurance information. Be skeptical of any communication that asks for personal information or payment. No legitimate institution will ask for your password or Social Security Number via email.
- Review Your Accounts: Carefully review your bank and credit card statements, as well as the Explanation of Benefits (EOB) from your health insurer. Report any transactions you don't recognize or find suspicious to the relevant institution immediately.
- Consider a Credit Freeze: While credit monitoring alerts you, a credit freeze prevents new credit accounts from being opened in your name. This is one of the most effective measures against identity theft. You can freeze your credit for free by contacting the three major credit bureaus in the US (Experian, TransUnion, Equifax).
What the Company Is Saying
In its official statement, iRhythm emphasized that it is taking the incident seriously and places great importance on the security of its customers. The company stated that immediately after discovering the breach, it took steps to secure its systems with the help of cybersecurity experts. They also added that they are cooperating with federal law enforcement.
The company's data breach notification letter included the following statement: "We regret any concern or inconvenience this incident may cause. We are taking steps to protect your information and are working to further strengthen our security measures in response to this incident." iRhythm reiterated that it has established a call center to support affected individuals and is offering a 12-month free identity protection service. These steps are standard crisis management procedures in the corporate world following data breaches and demonstrate the company's effort to fulfill its legal obligations.