Healthcare IT agency CareCloud has disclosed a data breach incident that uncovered delicate knowledge and brought on a community disruption lasting roughly eight hours.
The New Jersey-based firm stated in a submitting with the U.S. Securities and Change Fee (SEC) that the intrusion occurred on March 16 when hackers accessed its IT infrastructure.
“On March 16, 2026, CareCloud, Inc. skilled a brief community disruption in its CareCloud Well being division that partially impacted the performance and knowledge entry to 1 of its 6 digital well being file environments for roughly 8 hours till the Firm totally restored all performance and knowledge entry throughout that night,” the corporate says within the SEC submitting.
After detecting the intrusion, CareCloud stated that it reported the problem to “its cybersecurity provider and engaged a number one cyber response advisory workforce, which is a part of a Large 4 accounting agency, to carry out exterior cybersecurity work and to help with securing the surroundings, in addition to to conduct a complete IT forensic investigation to find out the character and scope of this incident.”
CareCloud is a publicly traded healthcare IT agency that gives software-as-a-service (SaaS), income cycle administration, observe administration, affected person expertise administration, and digital well being file (EHR) options.
Though the unauthorized knowledge entry was restricted in scope, primarily based on the investigation’s findings up to now, CareCloud confirmed that one in all its six environments, which holds affected person well being information for its prospects, was compromised.
At present, it’s unclear what number of people are impacted. The corporate defined that an investigation has began to find out which kinds of knowledge have been accessed and/or exfiltrated.
BleepingComputer has reached out to CareCloud for a touch upon the matter, and we are going to replace this publish once we obtain an announcement.
In the meantime, CareCloud underlined that there’s no influence on different platforms, divisions, techniques, or environments, and warranted that the attacker not has entry to its database.
All affected techniques have been totally restored, and the corporate is working with exterior cybersecurity consultants to strengthen its security measures to forestall related incidents from recurring.
BleepingComputer couldn’t discover a ransomware group taking credit score for the assault on CareCloud.
Automated pentesting proves the trail exists. BAS proves whether or not your controls cease it. Most groups run one with out the opposite.
This whitepaper maps six validation surfaces, reveals the place protection ends, and supplies practitioners with three diagnostic questions for any instrument analysis.
