Healthcare tech firm CareCloud admits data breach, says hackers accessed patient info — here's what we know

News
By published

Whether or not data was stolen has not yet been determined

  • CareCloud confirms cyberattack disrupting one EHR environment for eight hours
  • Company investigating whether patient or other sensitive data was accessed or exfiltrated
  • Incident did not materially impact operations, but may incur remediation, legal, and reputational costs

American IT healthcare company CareCloud has confirmed suffering a cyberattack in which sensitive data was compromised by the attackers.

The company filed a new report with the US Securities and Exchange Commission (SEC), saying it experienced a “temporary network disruption” in its CareCloud Health division on March 16, 2026.

That disruption “partially impacted the functionality and data access to one of six electronic health record environments for approximately eight hours,” until the attackers were finally ousted and functionality restored.

Article continues below

No material impact (yet)

After securing its infrastructure, CareCloud notified relevant authorities and engaged a “leading cyber response advisory team which is part of a Big Four accounting firm” for forensic analysis.

Although CareCloud said the unnamed threat actors accessed sensitive data, it does not say whether or not the information was exfiltrated to a third-party server: “The company continues to assess whether, and the extent to which, patient information or other data was accessed or exfiltrated, and the categories and volume of any such data,” the filing reads.

At press time, no hacking groups claimed responsibility for the attack, or shared details about the volume, nature, and type of data potentially stolen.

CareCloud is a publicly traded American healthcare technology firm providing cloud‑based software and services to medical practices and health systems, including electronic health records (EHR), practice management, billing and revenue cycle solutions. It works with tens of thousands of healthcare providers across the United States in more than 70 specialties and across all 50 states, with over 40,000 providers on its platform.

The company says that the incident did not have a material impact, but that it might incur expenses in remediation and response costs, legal, regulatory and notification-related matters, and could possibly affect patients, customers, counterparties, reputation and operations.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.