iRhythm Holdings, a digital healthcare company specializing in cardiac monitoring services, has disclosed a data breach affecting patient information stored on third-party-hosted business applications. The company detected unauthorized access to systems containing sensitive patient data, prompting notifications to affected individuals and regulatory authorities.
The breach involved multiple categories of protected health information and personally identifiable data. Compromised information includes patient names, dates of birth, Social Security numbers, medical record numbers, health insurance details, and clinical data related to cardiac monitoring services. The extent of the breach and the exact number of affected patients has not been publicly specified.
The attack targeted business applications hosted by a third-party service provider rather than iRhythm's core clinical systems. This highlights the persistent security risks associated with vendor relationships and cloud-based infrastructure in healthcare environments. The company has not disclosed technical details about how the breach occurred, whether ransomware was involved, or the specific third-party vendor affected.
The exposure of Social Security numbers and health insurance information creates significant identity theft risks for affected patients. Combined with clinical data, the stolen information could enable targeted phishing campaigns or insurance fraud. Healthcare data breaches often have long-term consequences as medical information cannot be changed like credit card numbers.
Affected patients should immediately review their credit reports and consider placing fraud alerts or security freezes with credit bureaus. They should monitor explanation of benefits statements from insurers for unauthorized medical claims and remain vigilant against phishing emails or calls referencing their cardiac care. iRhythm is offering credit monitoring services to impacted individuals and has stated it is enhancing security measures to prevent future incidents.
Source: https://www.bleepingcomputer.com/news/security/irhythm-discloses-data-breach-says-hackers-stole-patient-info/