CareCloud reports data breach after cyberattack disrupts EHR system

CareCloud Inc., a New Jersey-based healthcare information technology company, disclosed a data breach after a cyberattack on March 16 disrupted one of its electronic health record systems and exposed sensitive patient data.

The intrusion affected CareCloud’s CareCloud Health division, where attackers gained access to the company’s IT infrastructure, causing a temporary network disruption that lasted approximately eight hours. The incident partially impacted functionality and data access within one of the company’s six electronic health record environments before full restoration was completed later that same day.

CareCloud, a publicly traded provider of software-as-a-service solutions for healthcare organizations, delivers services including electronic health records, revenue cycle management, practice management, and patient experience tools. The company confirmed that the compromised environment contains patient health records belonging to its customers.

An initial investigation indicates that unauthorized access was limited to a single environment, with no evidence of broader impact across other platforms, systems, or divisions. The company stated that the attacker no longer has access to its systems and that all affected services have been fully restored.

CareCloud initiated its incident response procedures immediately after detecting the breach. The company notified its cybersecurity insurance provider and engaged an external cyber response advisory team affiliated with a Big Four accounting firm to secure its systems and conduct a comprehensive forensic investigation.

The scope of the data exposure remains under review. CareCloud is working to determine what types of information may have been accessed or exfiltrated, as well as the number of individuals potentially affected.

No threat actor has publicly claimed responsibility for the attack. The company continues to work with cybersecurity experts to strengthen its defenses and prevent similar incidents in the future.