RSS
← All articles
breach
2026-03-31

CareCloud confirms hackers accessed patient health records in 8-hour breach

Healthcare software company CareCloud disclosed to the SEC that hackers breached one of its six electronic health record environments on March 16, gaining access to patient medical data for approximately eight hours. The company serves over 40,000 healthcare providers. It's still investigating whether data was exfiltrated, but classified the incident as material on March 24 due to the sensitivity of the records. No ransomware group has claimed the attack.

carecloudhealthcareehrdata-breachhipaa
Check
If your organization uses CareCloud Health for EHR, contact CareCloud for specifics on whether your environment was affected.
Affected
CareCloud Health EHR platform users. One of six EHR environments was compromised.
Fix
Monitor for CareCloud's breach notification updates. Review access logs for unusual activity around March 16. Ensure MFA is enforced on all EHR system access. Prepare for potential patient notification requirements.
Related Articles
breachTelehealth aggregator OpenLoop Health confirms 716,000 patient records stolen in a 24-hour intrusion in January - downstream consumer brands still unnamed
vulnerabilityAI security tool finds 38 previously unknown bugs in OpenEMR, the open-source health records system used by 100,000 healthcare providers - two of them rated maximum severity
breachBooking.com confirms data breach exposing guest reservation details - phishing wave already targeting travelers