CareTracker, Inc., a U.S.-based cloud provider of electronic health record (EHR) and practice management software for healthcare providers, disclosed a data breach on August 18, 2025, to the U.S. Department of Health and Human Services. The incident exposed sensitive personally identifiable information (PII) and protected health information (PHI) of thousands of patients, including names, contact details, dates of birth, Social Security numbers, driver’s license/state ID numbers, health insurance details, medical records, and payment information. The breach affected small and mid-sized medical practices using CareTracker’s platform, with potential consequences including identity theft, financial fraud, and unauthorized access to medical histories. While the exact number of impacted individuals remains undisclosed, the scale is believed to be significant. Affected parties are advised to monitor financial accounts, enroll in credit protection services, and seek legal recourse for potential compensation due to emotional distress, lost time, and out-of-pocket expenses resulting from the exposure.
Source: https://www.claimdepot.com/investigations/caretracker-data-breach-2025
TPRM report: https://www.rankiteo.com/company/harris-caretracker
"id": "har531090325",
"linkid": "harris-caretracker",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Thousands or more '
'(patients/clients of healthcare '
'providers using CareTracker '
'software)',
'industry': 'Healthcare IT / Software',
'location': 'United States',
'name': 'CareTracker, Inc.',
'type': 'Private Company (Subsidiary)'},
{'industry': 'Software and IT Services',
'name': 'Harris Computer Systems',
'type': 'Parent Company'},
{'industry': 'Software Acquisition and Management',
'name': 'Constellation Software Inc.',
'type': 'Parent Corporation'}],
'customer_advisories': "Patients/clients of CareTracker's healthcare software "
'providers notified of potential PII/PHI exposure',
'data_breach': {'number_of_records_exposed': 'Thousands or more (exact number '
'undisclosed)',
'personally_identifiable_information': ['Name',
'Contact/demographic '
'info',
'Date of birth',
'Social Security '
'number',
"Driver's "
'license/state ID',
'Health insurance '
'details',
'Medical records',
'Payment information'],
'sensitivity_of_data': 'High (includes SSN, medical records, '
'payment info)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2025-08-18',
'description': 'CareTracker Inc., a cloud-based practice management and '
'electronic health record (EHR) solutions provider, disclosed '
'a data breach involving the exposure of sensitive personally '
'identifiable information (PII) and protected health '
'information (PHI) of patients or clients. The breach was '
'reported to the U.S. Department of Health and Human Services '
'on August 18, 2025. The total number of impacted practices '
'and patients is believed to be in the thousands or more.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive PII/PHI',
'data_compromised': ['Name',
'Contact and demographic information',
'Date of birth',
'Social Security number',
"Driver's license or state ID number",
'Health insurance details',
'Medical records',
'Payment information'],
'identity_theft_risk': "High (due to exposure of SSN, driver's "
'license, and financial details)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'for affected individuals',
'payment_information_risk': 'High (payment information exposed)'},
'investigation_status': 'Under investigation by Shamis & Gentile P.A. for '
'potential class action lawsuit',
'recommendations': ['Enroll in free credit monitoring/identity protection '
'services if offered',
'Monitor financial statements for suspicious activity',
'Place a fraud alert on credit reports',
'Request free annual credit reports from major bureaus',
'Seek legal counsel for potential compensation claims'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'date_accessed': '2025-08-18',
'source': 'U.S. Department of Health and Human Services (HHS) '
'Breach Report'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuits being '
'investigated by Shamis & Gentile '
'P.A.',
'regulations_violated': ['Potential HIPAA '
'violations (exposure of '
'PHI)'],
'regulatory_notifications': 'Reported to U.S. '
'Department of Health '
'and Human Services '
'(HHS)'},
'response': {'communication_strategy': 'Notification letters sent to affected '
'individuals; offer of free credit '
'monitoring and identity protection '
'services'},
'stakeholder_advisories': 'Affected individuals advised to review '
'notification letters, enroll in credit monitoring, '
'and seek legal help',
'title': 'CareTracker, Inc. Data Breach',
'type': 'Data Breach'}