iRhythm Confirms Data Stolen in Hack

The digital health company said it learned of the breach on June 8 and the attackers demanded a ransom. The post iRhythm Confirms Data Stolen in Hack appeared first on SecurityWeek .

The article reports that digital cardiac monitoring company iRhythm detected unauthorized activity on June 8 in third-party hosted business applications, followed by a June 9 extortion message from a threat actor claiming theft of proprietary data, patient protected health information, and other personal information; iRhythm has since confirmed that some data was exfiltrated and that a ransom was demanded in exchange for not disclosing it.[1][3][5][7][8] The company states there is no evidence of impact to its clinical or medical device systems, patient safety, or core operations, and that access was obtained via social engineering against non-clinical, third-party systems.[1][3][4][7][8] From a CyberSE.AI perspective, this incident highlights healthcare-sector risk where clinical AI-enabled workflows and connected monitoring platforms depend on third-party business applications and are exposed through social engineering and data-theft-driven extortion, even when core device systems are segmented. Organizations operating healthcare data or AI-driven remote monitoring should conduct an AI Security Readiness Assessment focused on third-party application exposure, PHI handling, and so