Normal view

Cardiac patients’ medical data stolen and held to ransom

16 June 2026 at 14:49

Cardiac monitoring provider iRhythm has been hit by a data theft followed by an extortion attempt.

In a filing with the Securities and Exchange Commission (SEC), iRhythm revealed it was contacted by someone on June 9 who claimed to have stolen sensitive information, including proprietary data, patient PHI, and other personal information. That person demanded payment in exchange for not publishing the data.

iRhythm provides ambulatory cardiac monitoring and analysis (for example using the Zio patch) and has reportedly processed over two billion hours of heartbeat data from more than twelve million patients.

In the filing, the company said the data was obtained through social engineering and is from “certain third-party-hosted business applications”, without revealing any further details about the amount of data.

On its own website, iRhythm also doesn’t disclose much about the nature of the stolen data, but does seem to imply no financial data was affected:

“We have not identified any impact to our products, our clinical or medical device systems, our connections to customers, our manufacturing and distribution operations, patient safety, or our ability to meet patient needs. In addition, we do not store or retain individual financial account information or payment card information. 

 As we actively investigate, we will notify individuals affected by this incident in accordance with applicable law and take steps as needed to protect and remediate the impact to them.“

However, the SEC filing adds that iRhythm determined that the incident is significant, “in light of the volume of the potentially affected data.” Together with the extortionist’s claims that they have patients’ medical data, that makes the breach one worth noting if you have used iRhythm’s services.

Even without payment data, healthcare breaches have serious downstream effects:

  • Attackers can craft highly convincing emails, texts, or calls that reference specific procedures or monitoring episodes (for example, “about your recent Zio patch recording”) to trick patients into sharing more data or paying fake bills.
  • The breached data can be used to create a fake identity, insurance fraud, or medical identity theft.
  • Exposure of cardiac and other health‑related information can be deeply sensitive and may have employment/insurance ramifications, especially if data is posted publicly or sold to data brokers.

Healthcare breach data tends to circulate for years, and victims may face sporadic fraud and phishing attempts long after the headlines fade.

How to stay safe

If you’ve used iRhythm’s services, keep an eye on your post, email, and patient portals for official breach notifications from iRhythm or your healthcare provider.

In the US, breaches of protected health information that meet certain criteria must be reported to patients and regulators. iRhythm has promised to “notify individuals affected by this incident in accordance with applicable law and take steps as needed to protect and remediate the impact to them.”

To stay out of the hands of phishers and scammers:

  • When you receive a communication about the data breach, verify through other channels that it really came from iRhythm. Go directly to iRhythm’s official website or patient portal, or call a known phone number to confirm the communication is genuine.
  • Be extra suspicious of emails or texts that claim to offer compensation, refunds, or other financial consequences related to this incident.
  • Change passwords for your iRhythm‑linked portals and your cardiology or hospital patient portals, especially if you reused those passwords elsewhere.
  • Log into your health insurer’s portal and check claims on a regular basis.
  • If you see anything suspicious, report it immediately to your insurer and provider and ask them to flag your account for possible identity theft.
  • Do not provide personal or financial information over the phone just because the caller knows details about you which they may have obtained from the stolen data.

Let’s face it, an incognito window can only do so much. 
 
Breaches, dark web trading, credit fraud. Malwarebytes Identity Theft Protection monitors for all of it, alerts you fast, and comes with identity theft insurance. 

Ring doorbells: Won’t you see my neighbor? (Lock and Code S07E05)

8 March 2026 at 23:55

This week on the Lock and Code podcast…

On February 8, during the Super Bowl in the United States, countless owners of one of the most popular smart products today got a bit of a wakeup call: Their Ring doorbells could be used to see a whole lot more than they knew.

In a commercial that was broadcast to one of most reliably enormous audiences in the country, Amazon, which owns the company Ring, promoted a new feature for its smart doorbells called “Search Party.” By scouring the footage of individual Ring cameras across a specific region, “Search Party” can implement AI-powered image recognition technology to find, as the commercial portrayed it, a lost dog. But immediately after the commercial aired, people began wondering what else their Ring cameras could be used to find.

As US Senator Ed Markey wrote on social media:

“Ring’s Super Bowl ad exposed a scary truth: the technology in its doorbell cameras could be used to hunt down a lost pet…or a person. Amazon must discontinue its dystopian monitoring features.”

These “dystopian monitoring features” aren’t entirely new, but that’s not to say that most Ring owners knew what they were allowing when they originally bought their devices.

Bought by Amazon in 2018, Ring is the most popular manufacturer of a product that, as of 15 years ago, didn’t really exist. And while other “smart” innovations failed, smart doorbells have become a fixture of American neighborhoods, providing a mixture of convenience and security. For instance, a Ring owner away from home can verify and buzz in their mailman dropping off a package behind a gated entrance. Or, a Ring owner can see on their phone that the person knocking at their door is a salesman and choose to avoid talking to them. Or, a Ring owner can help police who are investigating a crime in their area by handing over relevant footage. Even the presence of a Ring doorbell, and its variety of motion-detecting alerts, could possibly serve as a deterrent to crime.

What has seemingly upset so many of those same owners, then, is learning exactly how their personal devices might be used for a company’s gains.

Today, on the Lock and Code podcast with host David Ruiz, we speak with Matthew Guariglia, senior policy analyst at Electronic Frontier Foundation, about Ring’s long history of partnering with—and sometimes even speaking directly for—police, who can access Ring doorbell footage both inside the company and outside it, and what people really open themselves up to when purchasing a Ring device.

 ”There’s this impression, a myth practically, that ‘I buy a ring doorbell to put on my house, I control the footage… But there is [an] entire secondary use of this device, which is by police that you don’t really get a lot of say in.”

Tune in today to listen to the full conversation.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)


Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium Security for Lock and Code listeners.

❌