Cardiac monitoring firm iRhythm Technologies has disclosed a data breach to the U.S. Securities and Exchange Commission, revealing that hackers stole sensitive patient health information and proprietary data from third-party-hosted business applications1. The attackers subsequently demanded a ransom, although it remains unclear whether the company acquiesced to their demands. The breach underscores the evolving nature of cyberattacks, which are increasingly targeting sensitive data stored on third-party platforms. Technical details of the breach, including the specific vulnerabilities exploited by the attackers, have not been disclosed. The incident may have significant downstream effects, including regulatory repercussions and supply-chain disruptions. So what matters to practitioners is that this breach may signal a new wave of attacks on third-party hosts, requiring heightened vigilance and proactive measures to protect sensitive data.