CareCloud Reports Unauthorized Access to Electronic Health Record System on March 16

CareCloud, a healthcare technology company, reported an unauthorized access incident involving one of its electronic health record environments. The breach occurred on March 16 and lasted about eight hours. The company has not confirmed whether any patient data was accessed or exfiltrated.

U.S. Securities and Exchange Commission, attackers gained entry to this specific environment. CareCloud operates multiple such environments for storing patient records. The incident was isolated and did not impact other systems or platforms.

engaged outside cybersecurity experts to assist with the investigation.

The company has not provided details on the specific information potentially involved. As of the latest update, investigators are reviewing the possible exposure of data. Public records indicate that CareCloud's infrastructure relies in part on Amazon Web Services, a cloud platform commonly used in healthcare for scalability.

However, technical details on data separation or backups across systems remain undisclosed. CareCloud did not respond to requests for additional comment before the reporting deadline.

serves more than 45,000 providers and supports millions of patients across the United States.

Healthcare systems hold sensitive information such as names, Social Security numbers, and medical histories. Previous incidents, such as the Change Healthcare ransomware attack, have disrupted services nationwide and highlighted vulnerabilities in interconnected healthcare infrastructure. The stakes involve potential risks to patient privacy and operational continuity.

If data exposure is confirmed, affected individuals may receive notifications in the coming weeks or months. Regulatory requirements mandate reporting significant breaches to authorities and impacted parties.

The ongoing investigation will determine the full scope of the incident.

CareCloud has contained the access, reducing immediate threats to other environments. Patients whose providers use CareCloud services may monitor their medical statements for unrecognized activity and consider identity monitoring options. Broader implications include heightened scrutiny on cloud-based healthcare security.

Industry experts emphasize the need for robust controls to protect against unauthorized access. Updates from CareCloud are expected as the review progresses.