iRhythm discloses data theft via social engineering of a third-party-hosted application (SEC 8-K) [SINGLE-SOURCE]

Cardiac-monitoring medtech firm iRhythm filed an SEC Form 8-K Item 1.05 on 2026-06-15 reporting that a threat actor used social engineering against business applications hosted by a third party, exfiltrated PHI, PII and proprietary data, and sent a ransom demand on 9 June; the company made its materiality determination on 10 June (SEC EDGAR, 2026-06-15). iRhythm states clinical and device-monitoring systems were unaffected. [SINGLE-SOURCE] — only the SEC primary is available; no independent corroboration yet.