CareCloud Says Hackers Stole Patient Data After Breach Disrupted One EHR Environment

Related

KDDI Confirms Zero-Day Exploit Behind Breach Affecting 12 Million People

What happened KDDI has updated its earlier breach disclosure, confirming...

Aflac Japan Data Breach Impacts 4.38 Million Customers and Agents

What happened Aflac Life Insurance Japan disclosed a data breach...

Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day Attacks

What happened Nissan disclosed a data breach affecting current and...

KDDI Breach Exposes Up to 14.2 Million Email Logins at Six ISPs

What happened Japanese telecommunications operator KDDI disclosed a data breach...

Xsolis Data Breach Affects 1.4 Million Individuals

What happened Healthcare technology company Xsolis disclosed a data breach...

Share

What happened

CareCloud disclosed a data breach after hackers accessed its IT infrastructure on March 16, 2026, causing a network disruption in its CareCloud Health division. The company said the incident partially impacted the functionality and data access of one of its six electronic health record environments for about eight hours before full functionality and access were restored later that evening. CareCloud said the compromised environment holds patient health records for customers and confirmed that unauthorized access was limited to that environment based on findings so far. The company also said it engaged its cybersecurity carrier and an external cyber response advisory team from a Big Four accounting firm to help secure the environment and conduct a forensic investigation into the nature and scope of the incident. 

Who is affected

The direct exposure affects customers whose patient health records were stored in the one compromised CareCloud environment. The company said it is still investigating which types of data were accessed or exfiltrated and has not yet said how many individuals were impacted. 

Why CISOs should care

This incident matters because it involved unauthorized access to an electronic health record environment inside a healthcare technology provider’s infrastructure, with confirmed patient-record exposure and temporary disruption to system availability. It also shows how a breach in one segmented environment can still trigger forensic review, external response engagement, and follow-on security hardening. 

3 practical actions

  1. Confirm environment-level containment: Verify exactly which hosted environments were affected and whether segmentation held, since CareCloud said one of its six electronic health record environments was compromised while the others were not impacted. 
  2. Scope patient-data exposure precisely: Determine which categories of patient health record data were accessed or exfiltrated before finalizing notifications and response obligations. 
  3. Use the incident to test recovery expectations: Measure whether critical healthcare systems can be fully restored within acceptable downtime thresholds when one environment loses functionality and data access. 

For more news about incidents involving exposure of sensitive records, click Data Breach to read more.

IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.