iRhythm, a health company specializing in wearable cardiac monitoring technology, has been targeted in a cyberattack that resulted in the theft of information.
The data breach was disclosed by iRhythm, known for its Zio wearable ECG monitor, in a Monday filing with the SEC.
The company said it detected “unauthorized activity involving data maintained on certain third-party-hosted business applications” on June 8. iRhythm noted that the attack involved social engineering, but the targeted application has not been named.
A threat actor contacted the company on June 9, claiming to have stolen sensitive information, including proprietary data and patients’ protected health information. The hackers demanded a ransom to prevent the compromised files from being leaked.
iRhythm has been working with external cybersecurity experts to investigate the breach, and it has confirmed that some data has been stolen, but it has not said whether the threat actor’s description of the compromised data is accurate.
