CareCloud Healthcare Software Breach Exposes Patient Data in Potential Leak
Healthcare software provider CareCloud disclosed a cybersecurity incident that may have exposed patient electronic health records (EHR) after hackers breached one of its systems. The company filed a notice with the Securities and Exchange Commission (SEC) on March 24, revealing that a March 16 network disruption temporarily compromised an EHR environment for eight hours.
An investigation confirmed that an unauthorized actor gained access to the system, though the extent of data exposure remains under assessment. CareCloud, which serves over 45,000 healthcare providers and reported $120.5 million in revenue last year, stated it is still determining whether patient information was accessed or exfiltrated, including the volume and categories of affected data. The company has not disclosed the number of impacted individuals.
The incident was initially reported to law enforcement but was later deemed "material" due to the sensitivity of the data and potential consequences, including remediation costs, legal and regulatory fallout, reputational damage, and operational disruptions. Only one of six EHR environments was affected, and no other CareCloud platforms were compromised. No hacking group has claimed responsibility as of March 27.
This breach follows a string of recent attacks on healthcare technology firms, including:
- Insightin, where 1.1 million records were stolen in a September 2023 incident reported earlier this month.
- TriZetto Provider Solutions, which exposed 3 million records in a 2024 breach.
- Episource, where 5 million individuals were affected by a separate attack this year.
CareCloud has not responded to requests for further details. The investigation into the breach is ongoing.
Source: https://therecord.media/carecloud-hack-data-breach-sec
CareCloud cybersecurity rating report: https://www.rankiteo.com/company/carecloud
"id": "CAR1774881300",
"linkid": "carecloud",
"type": "Breach",
"date": "3/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare Technology',
'name': 'CareCloud',
'size': 'Over 45,000 healthcare providers served, '
'$120.5 million in revenue last year',
'type': 'Healthcare Software Provider'}],
'data_breach': {'personally_identifiable_information': 'Likely',
'sensitivity_of_data': 'High (health records)',
'type_of_data_compromised': 'Patient electronic health '
'records (EHR)'},
'date_detected': '2024-03-16',
'date_publicly_disclosed': '2024-03-24',
'description': 'Healthcare software provider CareCloud disclosed a '
'cybersecurity incident that may have exposed patient '
'electronic health records (EHR) after hackers breached one of '
'its systems. The company filed a notice with the Securities '
'and Exchange Commission (SEC) on March 24, revealing that a '
'March 16 network disruption temporarily compromised an EHR '
'environment for eight hours. An investigation confirmed that '
'an unauthorized actor gained access to the system, though the '
'extent of data exposure remains under assessment.',
'impact': {'brand_reputation_impact': 'Reputational damage',
'data_compromised': 'Patient electronic health records (EHR)',
'downtime': '8 hours',
'legal_liabilities': 'Legal and regulatory fallout',
'operational_impact': 'Operational disruptions',
'systems_affected': 'One of six EHR environments'},
'investigation_status': 'Ongoing',
'references': [{'date_accessed': '2024-03-24',
'source': 'Securities and Exchange Commission (SEC) filing'}],
'regulatory_compliance': {'regulatory_notifications': 'SEC filing'},
'response': {'law_enforcement_notified': 'Yes'},
'title': 'CareCloud Healthcare Software Breach Exposes Patient Data in '
'Potential Leak',
'type': 'Data Breach'}