iRhythm discloses data breach, says hackers stole patient info

Digital healthcare company iRhythm Holdings recently disclosed a significant data breach, confirming that threat actors had successfully stolen patient data. The disclosure, made on June 16, 2026, revealed that hackers infiltrated third-party-hosted business applications used by iRhythm, subsequently exfiltrating sensitive personal and health information belonging to patients¹. This compromise highlights critical vulnerabilities in the extended digital supply chain for healthcare providers. The stolen data includes a range of highly confidential patient details, raising substantial privacy concerns and elevating the risk of identity theft or medical fraud for individuals whose information was exposed. This incident underscores the persistent challenge of securing protected health information when operational reliance extends to external service providers and cloud platforms. Healthcare organizations must exercise stringent due diligence and implement continuous monitoring protocols for their third-party vendors, as a single point of failure within an outsourced application can lead to severe data exposure. Effectively mitigating these risks requires comprehensive third-party risk management strategies to maintain patient trust and regulatory compliance.