Digital healthcare company **iRhythm Holdings**, known for analyzing over 2 billion hours of heartbeat data from more than 12 million patients, has disclosed a significant data breach. In a **U.S. Securities and Exchange Commission (SEC)** filing on Monday, the company revealed it discovered the incident on June 10, 2026. This prompted an immediate investigation with external cybersecurity experts and the activation of its cybersecurity response plan.  **iRhythm** stated that on June 9, 2026, a threat actor contacted them, claiming to possess sensitive information, including proprietary data, patient protected health information, and other personal details. The attackers demanded payment to prevent the public disclosure of this stolen information. "On June 9, 2026, the Company received communications from a threat actor claiming to have obtained sensitive information, including proprietary data, patient protected health information and other personal information. The communications from the threat actor demanded payment in exchange for not publicly disclosing this information," **iRhythm**'s filing stated. "Since receipt of the communications, the Company has confirmed that certain data was exfiltrated from those applications. On June 10, 2026, the Company determined that the incident is material in light of the volume of the potentially affected data." The company clarified that there is no evidence the breach impacted its products, clinical or medical device systems, patient safety, manufacturing and distribution operations, or financial reporting systems. **iRhythm** also noted that the threat actors gained access to the data through social engineering. Crucially, **iRhythm** does not store patients' payment card or financial account information, and the breach did not involve its clinical or medical device systems. The specific number of individuals affected by the breach remains undisclosed. **BleepingComputer**'s request for further details from an **iRhythm** spokesperson has not yet received a response. This incident follows a similar disclosure last week by Danish pharmaceutical giant **Novo Nordisk**, the world's largest producer of insulin, which also reported a data breach involving patient information from clinical trials due to compromised internal IT systems.