CareCloud reports data breach exposing patient medical records

Healthcare technology company CareCloud has confirmed that unauthorised actors gained access to one of its repositories containing patients’ electronic health records during a data breach earlier this month.

In a disclosure submitted to the U.S. Securities and Exchange Commission last Friday, the company stated that it detected unauthorised access on March 16 within one of the six environments used to store patient medical and healthcare data. According to CareCloud, the attackers maintained access to this specific records environment for more than eight hours. The company noted that it remains unclear whether any data was exfiltrated during the incident or which categories of information may have been taken, if any extraction occurred.

CareCloud said it believes the threat actors are no longer present in its systems after restoring affected environments on the same day the breach was discovered. The company has also engaged an external cybersecurity firm to carry out a detailed investigation into the incident.

The company did not disclose the number of individuals potentially impacted by the breach. CareCloud provides healthcare technology services, including electronic health record storage solutions, to more than 45,000 healthcare providers. These include physicians and medical professionals operating across thousands of hospitals and clinical practices, collectively serving millions of patients, according to the company’s annual report submitted to investors earlier in March.

Providers of electronic health record systems are often targeted by financially motivated cybercriminal groups, which seek to obtain sensitive personal and medical data that can be used for extortion or sold on illicit markets. In 2024, a major ransomware attack carried out by Russian cybercriminals on Change Healthcare resulted in the theft of a significant portion of health records in the United States, causing widespread system outages and delays in healthcare services that lasted for months.

It remains unclear whether the recent incident at CareCloud involved any data destruction or whether the attackers have issued ransom demands. A spokesperson for the company did not respond to requests for comment. Additional questions were raised about how CareCloud manages and stores patient data across its six environments — including whether these systems operate independently or whether some serve as backups for others. The company has not yet provided clarification on these points.

Publicly available internet records indicate that a substantial portion of CareCloud’s data and file infrastructure is hosted on Amazon Web Services.

In its SEC filing, CareCloud stated that on March 24, it determined the breach was significant enough to potentially have a material impact on its business, triggering a legal requirement to notify investors. While the company indicated that the incident is not expected to have a material effect on its financial condition, it acknowledged that the investigation is ongoing and further findings may emerge.