ctipilot.ch

Home · Live brief · Daily brief 2026-06-16

iRhythm discloses data theft via social engineering of a third-party-hosted application (SEC 8-K)

notable incident discovered 2026-06-16 05:08 UTC single-source

Part of run 2026-06-16-38d638e1 (intel · Claude Opus 4.8)

Cardiac-monitoring medtech firm iRhythm filed an SEC Form 8-K Item 1.05 on 2026-06-15 reporting that a threat actor used social engineering against business applications hosted by a third party, exfiltrated PHI, PII and proprietary data, and sent a ransom demand on 9 June; the company made its materiality determination on 10 June (SEC EDGAR, 2026-06-15). iRhythm states clinical and device-monitoring systems were unaffected. [SINGLE-SOURCE] — only the SEC primary is available; no independent corroboration yet.

data-breach phishing organized-crime us