FlagThis

Abstract

iRhythm Technologies disclosed unauthorized access to protected health information (PHI) stored on third-party-hosted business applications, triggering HIPAA breach notification obligations. The breach affects patient data managed through external vendor platforms; the full scope of records exposed, the attack vector, and responsible threat actor have not been publicly confirmed. Organizations with similar third-party PHI hosting arrangements face heightened regulatory scrutiny and patient notification liability.