iRhythm, a health company specializing in wearable cardiac monitoring technology, has been targeted in a cyberattack that resulted in the theft of information.
The data breach was disclosed by iRhythm, known for its Zio wearable ECG monitor, in a Monday filing with the SEC.
The company said it detected “unauthorized activity involving data maintained on certain third-party-hosted business applications” on June 8. iRhythm noted that the attack involved social engineering, but the targeted application has not been named.
A threat actor contacted the company on June 9, claiming to have stolen sensitive information, including proprietary data and patients’ protected health information. The hackers demanded a ransom to prevent the compromised files from being leaked.
iRhythm has been working with external cybersecurity experts to investigate the breach, and it has confirmed that some data has been stolen, but it has not said whether the threat actor’s description of the compromised data is accurate.
The medical device vendor is still working on determining how many individuals are affected, as well as what type and how much data was stolen.
The company said its products, clinical or medical device systems, manufacturing and distribution operations, patient safety, and financial reporting systems were not impacted.
“The incident does not involve the Company’s clinical or medical device systems or connections to customers and the Company does not store or retain individual financial account information or payment card information,” it noted in its SEC filing.
No known ransomware or extortion group appears to have taken credit for the attack on iRhythm.
It’s unclear whether the company has agreed to pay a ransom or engaged with the hackers.
SecurityWeek has reached out to iRhythm for additional information and will update this article if it responds.
Related: Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters
Related: Cybercrime Group Claims Novo Nordisk Hack
Related: French Government Messaging Platform Breached by Mysterious ‘Misere’ Hacker
Related: ShinyHunters Claims Council of Europe Hack
