Confidence: Medium · Jun 8, 2026 · irhythmtech.com

iRhythm Holdings Identifies Data Breach via Third-Party Applications

Pattern: External actor · Social · Confidentiality impact

iRhythm Holdings, Inc., a digital healthcare company, identified unauthorized activity on certain third-party-hosted business applications on June 8, 2026. A threat actor subsequently claimed to have obtained proprietary data, patient protected health information (PHI), and other personal information, demanding payment to prevent public disclosure. The company confirmed that some data was exfiltrated. The attack was attributed to social engineering. iRhythm stated that its clinical and medical device systems, patient safety, operations, and financial reporting systems were not affected, and no payment card or financial account data was involved.

Signal date: Jun 8, 2026
Updated: Jun 24, 2026
Confidence: Medium
Sources: 2 sources
Irhythmtech

Sector: Finance and Insurance
Signals: 1 linked

Signal context

First seen: Jun 8, 2026

Last updated: Jun 24, 2026

Status: Public signal

Key points

  • Unauthorized activity identified on June 8, 2026, in third-party-hosted business applications.
  • Threat actor claimed to have stolen proprietary data, patient PHI, and other personal information.
  • Extortion demand made for non-disclosure.

Signal analysis

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization
Irhythmtech

Sector: Finance and Insurance

Likely country: 🇬🇧 United Kingdom (inferred from source domains)

    Estimated

    Threat source: Social activity

    Watch phishing, executive impersonation and account-takeover exposure.

    Source type: outside the affected organization

    Business impact: Potential fraud or account takeover risk

    Impact area: Confidentiality

    Likely asset: User or customer data

    Trend context

      • 7 signals with similar action pattern
      • 14 signals in the same sector
      • 66 signals with the same likely impact area
      • 1 signal linked to this organization/domain

    Mentioned entities: Irhythmtech, Data Disclosure, Third-Party Applications, Holdings, Inc, PHI, Unauthorized, Threat, Extortion

    External sources

    Related signals

    Grouped by why the signal is relevant.

    Sofi (sofi.com) · Jun 8, 2026
    Same sector · Same action pattern · Same impact area

    SoFi Hong Kong Confirms Third-Party Data Breach

    SoFi Hong Kong, a subsidiary of the U.S.-based financial technology company SoFi, confirmed a data breach after unauthorized access was gained to a customer information database managed by a third-party vendor. The incident was detected on April 30, 2026, and publicly disclosed on June 8, 2026. The compromised data included names, dates of birth, addresses, email addresses, phone numbers, and employment and education information. The company stated that no account passwords or financial account numbers were reportedly exposed. The attack involved social engineering and exploitation of third-party vendor access. SoFi Hong Kong advised customers to remain vigilant for phishing attempts and suspicious activity.

    Aurora Il (aurora-il.org) · May 22, 2026
    Same sector · Same action pattern · Same impact area

    City of Aurora loses $1.1M in phone scam cyber attack

    The City of Aurora lost approximately $1.1 million from city bank accounts after an employee fell victim to a phone-based social engineering scam. Attackers gained access to city bank account information and fraudulently transferred public funds.

    Xsolis (xsolis.com) · Jun 22, 2026
    Same action pattern · Same impact area

    Healthtech firm Xsolis suffers data breach impacting 1.4 million people

    Healthcare technology company Xsolis disclosed a data breach affecting nearly 1.4 million individuals. The incident stemmed from a targeted phishing attack on January 20, 2026, which led to unauthorized access to a limited portion of the Xsolis environment. Attackers accessed files containing customer information, including names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information. Xsolis is a U.S.-based firm providing AI-powered software for healthcare organizations.

    Tpwd (tpwd.texas.gov) · Jun 19, 2026
    Same sector · Same impact area

    Texas Parks and Wildlife Department data breach exposes over 3 million driver's licenses

    The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three million individuals. The compromised data included driver's license information, passport numbers, email addresses, phone numbers, and residential addresses. Social Security numbers, dates of birth, and financial information were not impacted.

    Nintendo (nintendo.com) · Jun 18, 2026
    Same sector · Same impact area

    Nintendo confirms data stolen in WebMD subsidiary cyberattack

    Nintendo of America confirmed that survey data was stolen from TinyPulse, a third-party service used internally for employee surveys. The company emphasized that its own systems were not compromised, and no personal customer or financial data was accessed. The data involved was limited to internal survey content from a small subset of employees, with most information dating back several years. The Shadowbyt3$ extortion group claimed responsibility, demanding a $2 million ransom.

    Americanexpress (americanexpress.com) · Jun 11, 2026
    Same sector · Same impact area

    American Express Insider Data Breach Reported

    American Express was involved in an insider data breach where an employee accessed the personal financial information of an individual. An investigation by the Australian Privacy Commissioner found the company breached privacy laws by failing to implement adequate restrictions on staff access to customer accounts.