Search

CareCloud Says Hackers Stole Patient Data After Breach Disrupted One EHR Environment

Cyber threats and incidents
By Evan Rowe
Credit: CareCloud

Related

Founders, Analysts & Industry Voices

Cybersecurity Leaders to Watch in Illinois Financial Services Industry

Illinois remains one of the country’s most important financial...
Read more
Founders, Analysts & Industry Voices

Cybersecurity Leaders to Watch in California’s Video Game Industry

California’s video game industry runs on always-on platforms, global...
Read more
Founders, Analysts & Industry Voices

Cybersecurity Leaders to Watch in California’s Media & Entertainment Industry

California’s media and entertainment sector depends on cybersecurity leaders...
Read more
Founders, Analysts & Industry Voices

Cybersecurity Leaders to Watch in California’s Insurance Industry

California’s insurance sector depends on cybersecurity leaders who can...
Read more
Founders, Analysts & Industry Voices

CISOs to Watch in California’s Automotive Industry

California’s automotive sector is being reshaped by electrification, connected...
Read more

Share

What happened

CareCloud disclosed a data breach after hackers accessed its IT infrastructure on March 16, 2026, causing a network disruption in its CareCloud Health division. The company said the incident partially impacted the functionality and data access of one of its six electronic health record environments for about eight hours before full functionality and access were restored later that evening. CareCloud said the compromised environment holds patient health records for customers and confirmed that unauthorized access was limited to that environment based on findings so far. The company also said it engaged its cybersecurity carrier and an external cyber response advisory team from a Big Four accounting firm to help secure the environment and conduct a forensic investigation into the nature and scope of the incident. 

Who is affected

The direct exposure affects customers whose patient health records were stored in the one compromised CareCloud environment. The company said it is still investigating which types of data were accessed or exfiltrated and has not yet said how many individuals were impacted. 

Why CISOs should care

This incident matters because it involved unauthorized access to an electronic health record environment inside a healthcare technology provider’s infrastructure, with confirmed patient-record exposure and temporary disruption to system availability. It also shows how a breach in one segmented environment can still trigger forensic review, external response engagement, and follow-on security hardening. 

3 practical actions

  1. Confirm environment-level containment: Verify exactly which hosted environments were affected and whether segmentation held, since CareCloud said one of its six electronic health record environments was compromised while the others were not impacted. 
  2. Scope patient-data exposure precisely: Determine which categories of patient health record data were accessed or exfiltrated before finalizing notifications and response obligations. 
  3. Use the incident to test recovery expectations: Measure whether critical healthcare systems can be fully restored within acceptable downtime thresholds when one environment loses functionality and data access. 

For more news about incidents involving exposure of sensitive records, click Data Breach to read more.

Previous article
Female Cybersecurity Leaders to Watch in Telecommunications
Next article
New RoadK1ll WebSocket Implant Used to Pivot on Breached Networks
Founders, Analysts & Industry Voices

Cybersecurity Leaders to Watch in Illinois Financial Services Industry

Illinois remains one of the country’s most important financial...
Founders, Analysts & Industry Voices

Cybersecurity Leaders to Watch in California’s Video Game Industry

California’s video game industry runs on always-on platforms, global...

Subscribe to our stories

To be updated with all the latest news, offers and special announcements.