iRhythm disclosed a cyberattack via third-party apps where patient and proprietary data was stolen, followed by a ransom demand.iRhythm Technologies is a U.S.-based digital healthcare company specializing in remote cardiac monitoring and arrhythmia detection. Its best-known product is the Zio, a wearable patch that continuously records a patient’s heart rhythm for up to several weeks. The data is then analyzed using proprietary algorithms and reviewed by clinicians to help diagnose conditions such as Atrial Fibrillation and other heart rhythm disorders.iRhythm disclosed a cyberattack in an SEC Form 8-K filed on June 10. Someone got into third-party-hosted business applications, grabbed data, and then asked to be paid to keep quiet about it.“On June 8, 2026, iRhythm Holdings, Inc. identified unauthorized activity involving data maintained on certain third-party-hosted business applications.” reads the SEC Form 8-K report. “The Company promptly activated its cybersecurity response plan and launched an investigation with the support of external advisors and cybersecurity experts to assess and contain the threat.” On June 9, 2026, iRhythm received an extortion demand from a threat actor claiming to have stolen proprietary data, protected health information, and other personal data. The company later confirmed the data breach from third-party-hosted business applications via a social engineering attack and deemed the incident material. The digital healthcare firm stated that clinical and medical device systems, patient safety, operations, and customer connections were not affected, and no payment card or financial account data was involved. The company did not reveal which specific application was compromised and did not disclose technical details about the attack.“On June 9, 2026, the Company received communications from a threat actor claiming to have obtained sensitive information, including proprietary data, patient protected health information and other personal information.” continues the report. “The communications from the threat actor demanded payment in exchange for not publicly disclosing this information.” The company is investigating the scope of the incident.No ransomware group has publicly claimed the attack, and it’s not known whether iRhythm has engaged in negotiations with the attacker.Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, data breach)