iRhythm June 2024 Data Breach: What Cardiac Patients Should Know
iRhythm Technologies, a medical device company widely known for its Zio cardiac monitoring patches, has disclosed a cybersecurity incident tied to a June 2024 attack. The breach involved unauthorized access to data held in certain third-party-hosted business applications, raising serious questions about how sensitive health information is secured across the digital ecosystems that support modern medical devices.
The disclosure places iRhythm among a growing list of healthcare companies that have faced unauthorized intrusions not through their core clinical systems, but through the network of vendors and cloud platforms that surround them.
What Happened in the June 2024 Incident
According to the disclosure, iRhythm identified unauthorized activity affecting data maintained on third-party-hosted business applications. The company activated its cybersecurity response plan upon discovering the breach. Public reporting indicates the attack was identified on June 8, 2024, with the formal disclosure following shortly after.
Information potentially exposed in the breach includes sensitive personal and medical data: Social Security numbers, medical record numbers, diagnosis information, and health insurance details. For cardiac patients, this is not just a privacy issue. It is a financial and medical identity risk. Stolen health records can be used to fraudulently bill insurers, obtain prescription medications, or open lines of credit.
The June 2024 incident is not the only time threat actors have targeted iRhythm's patient data. The company was later hit by a separate ransomware attack in 2025 that involved social engineering and a ransom demand, suggesting that it has remained a persistent target for cybercriminals who see cardiac patient data as particularly valuable.
Why Medical IoT Devices Create Unique Privacy Risks
The Zio patch is a remote ECG monitoring device that transmits clinical data over connected infrastructure. That connectivity is exactly what makes it useful to clinicians and exactly what creates exposure for patients. The device itself may not be the weak point; third-party platforms that store, transmit, or process the data generated by these devices can introduce vulnerabilities that neither the patient nor their doctor fully controls.
This pattern is common across connected health devices. The more touchpoints that exist between a patient's raw health data and a final clinical report, the more opportunities there are for an unauthorized party to intercept or exfiltrate that information. Regulatory frameworks like HIPAA require covered entities and their business associates to maintain safeguards, but compliance does not equal security, and audits often lag behind real-world attack methods.
Healthcare organizations have faced escalating pressure from cybercriminals since at least the major disruption at Change Healthcare in early 2024, which showed how interconnected the healthcare supply chain truly is. Cardiac monitoring providers like iRhythm sit within that same ecosystem.
What This Means For You
If you are a current or former iRhythm patient, your information may have been exposed in this incident. Even if you have not received a formal notification yet, it is worth taking precautionary steps now rather than waiting.
First, review your health insurance Explanation of Benefits statements for any services or prescriptions you did not receive. Medical identity theft often goes undetected for months because victims rarely scrutinize their insurance records the way they would a bank statement.
Second, consider placing a credit freeze with the major credit bureaus. A Social Security number combined with medical record data is enough to open new credit lines in your name.
Third, be cautious about how you access your personal health records online. Logging into patient portals over unsecured public Wi-Fi networks exposes your session to interception. Using a VPN when accessing any healthcare portal adds a layer of encryption between your device and the network, reducing the risk that a third party on the same network can observe your activity or capture credentials.
Finally, watch for phishing attempts. After a breach, attackers often use the stolen data to craft convincing follow-up scams. An email that references your real medical provider or insurance company is not necessarily legitimate.
Actionable Takeaways
- Check your insurance records for fraudulent claims going back to mid-2024.
- Freeze your credit at Equifax, Experian, and TransUnion if your Social Security number may have been exposed.
- Use a VPN whenever you log into a patient portal or health records platform, especially on mobile or public networks.
- Enable multi-factor authentication on all healthcare and insurance accounts that support it.
- Be skeptical of any outreach referencing iRhythm, your cardiac care, or your health insurance in the coming weeks.
The iRhythm June 2024 breach is a clear reminder that the personal data generated by connected medical devices does not stay neatly inside those devices. Patients who use remote monitoring tools have a right to know how their data is stored, who can access it, and what protections are in place when those systems are compromised. Staying informed and taking proactive steps remains the most effective defense available to individuals caught in breaches they had no power to prevent.




