Cyber Incident Victim: CareCloud
Date:
Mar 2026
Location:
United States of America
Summary
CareCloud reported that hackers gained unauthorized access to one of its six electronic health record environments, remaining inside for more than eight hours before being expelled. The company said it does not yet know whether any data was copied or what information might have been taken. After restoring affected systems, CareCloud engaged a cybersecurity firm to investigate and filed a disclosure with the SEC, noting the incident was deemed significant enough to require investor notification but unlikely to affect its financial position. The investigation continues as the company works to determine the scope and potential impact of the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 16, 2026, CareCloud detected unauthorized access to one of its six electronic health record environments. The intrusion persisted for more than eight hours before the company restored functionality the same day. CareCloud reported the incident to the U.S. Securities and Exchange Commission in a filing dated March 24, 2026. In that filing the company determined the incident was significant enough to have a material impact on its business and was legally required to alert investors. Following detection, CareCloud engaged an unspecified cybersecurity company to conduct an investigation. Later disclosures identified the engaged firm as a leading cyber response advisory team that is part of a Big Four accounting firm. The company stated that after restoring its systems it believes the threat actor no longer has any access to the compromised environment. CareCloud’s public internet records indicate that much of its files and data are hosted on Amazon Web Services. No ransomware group has claimed responsibility for the incident at the time of the reports. The investigation into whether data was accessed or exfiltrated remains ongoing.
CareCloud has not disclosed how many individuals may have been affected by the breach. The company said it was not yet known if the hacker exfiltrated any data, or what types of data may have been stolen, if so. Consequently, the categories and volume of any potentially compromised patient information remain undetermined. CareCloud provides healthcare technology, including electronic health record storage, for more than 45,000 providers across thousands of hospitals and medical practices, covering millions of patients. The company noted that the cybersecurity incident was limited to its CareCloud Health environment and did not affect other platforms, divisions, systems, data or environments. While CareCloud stated the breach is unlikely to affect its financial position, it acknowledged that it may incur expenses related to remediation, response costs, legal, regulatory and notification‑related matters. The firm notified relevant authorities after securing its infrastructure. A spokesperson for CareCloud did not respond to requests for comment regarding the incident. At press time, no hacking groups had shared details about the volume, nature, or type of data potentially stolen. The company continues to assess whether, and the extent to which, patient information or other data was accessed or exfiltrated.