0001388658false00013886582026-06-102026-06-10
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM 8-K
CURRENT REPORT
Pursuant to Section 13 or 15(d)
of the Securities Exchange Act of 1934
Date of report (Date of earliest event reported): June 10, 2026
iRhythm Holdings, Inc.
(Exact name of Registrant as specified in its charter) | | | | | | | | |
| Delaware | 001-37918 | 41-3421287 |
(State or other jurisdiction of
incorporation or organization) | (Commission
File Number) | (I.R.S. Employer
Identification Number) |
699 8th Street, Suite 600
San Francisco, California 94103
(Address of principal executive office) (Zip Code)
(415) 632-5700
(Registrant’s telephone number, including area code)
N/A
(Former Name or Former Address, if Changed Since Last Report)
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:
☐ Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)
☐ Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)
☐ Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))
☐ Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))
Securities registered pursuant to Section 12(b) of the Act: | | | | | | | | |
| Title of each class | Trading Symbol | Name of each exchange on which registered |
| Common Stock, Par Value $0.001 Per Share | IRTC | The NASDAQ Global Select Market |
Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§ 230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§ 240.12b-2 of this chapter).
Emerging growth company ☐
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Item 1.05 Material Cybersecurity Incidents.
On June 8, 2026, iRhythm Holdings, Inc. (the “Company”) identified unauthorized activity involving data maintained on certain third-party-hosted business applications. The Company promptly activated its cybersecurity response plan and launched an investigation with the support of external advisors and cybersecurity experts to assess and contain the threat.
On June 9, 2026, the Company received communications from a threat actor claiming to have obtained sensitive information, including proprietary data, patient protected health information and other personal information. The communications from the threat actor demanded payment in exchange for not publicly disclosing this information. Since receipt of the communications, the Company has confirmed that certain data was exfiltrated from those applications. On June 10, 2026, the Company determined that the incident is material in light of the volume of the potentially affected data.
Based on its investigation as of the date of this Current Report on Form 8-K, (1) the Company has not identified any impact to its products, clinical or medical device systems, patient safety, manufacturing and distribution operations, financial reporting systems, or the Company’s ability to meet patient needs and (2) the affected data was obtained through social engineering and is from certain third-party-hosted business applications. The incident does not involve the Company’s clinical or medical device systems or connections to customers and the Company does not store or retain individual financial account information or payment card information.
As of the date of this Current Report on Form 8-K, the Company has not identified evidence of ongoing unauthorized access to its systems. The Company is continuing to investigate the nature and scope of the incident, including the categories and volume of the data involved and the individuals affected.
The Company believes, as of the date of this Current Report on Form 8-K, that the incident is not reasonably likely to have a material impact on the Company’s financial condition or results of operations. The Company maintains cybersecurity insurance that may cover certain losses associated with the incident, although there can be no assurance that such coverage will be sufficient to cover all losses the Company may incur.
To the extent any information required by Item 1.05(a) of Form 8-K was not determined or was unavailable at the time of this filing, the Company will amend this Current Report on Form 8-K as such information is determined or becomes available.
Forward-Looking Statements
This Current Report on Form 8-K contains forward-looking statements within the meaning of the federal securities laws, including, without limitation: the Company’s current beliefs, understanding, and expectations regarding the incident; statements regarding the nature and scope of the incident; the Company’s ongoing assessment of the extent, categories and volume of data that was accessed or exfiltrated; the Company’s ongoing efforts to assess and contain the threat, including the Company’s assessment of whether there is any ongoing unauthorized access to its systems; the availability and adequacy of the Company’s insurance coverage; and the reasonably likely impact of the incident on the Company’s business, operations, financial condition and results of operations. These statements are based on current information, estimates and assumptions and are subject to known and unknown risks and uncertainties. Actual results may differ materially from those expressed or implied by these forward-looking statements. Factors that could cause actual results to differ from those expressed in these forward-looking statements include the ongoing assessment of the incident; the potential publication or misuse of affected data by the threat actor or other parties; legal, regulatory, reputational, and financial risks resulting from the incident or additional cybersecurity incidents; and the risks described in the Company’s Annual Report on Form 10-K for the year ended December 31, 2025 and subsequent Quarterly Reports on Form 10-Q. Except as required by law, the Company undertakes no obligation to update these statements.
SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, as amended, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
| | | | | | | | | | | |
| | IRHYTHM HOLDINGS, INC. |
| | | |
Date: June 15, 2026 | | By: | /s/ Quentin Blackford |
| | | Quentin Blackford |
| | | President and Chief Executive Officer |