CareCloud has confirmed that hackers gained unauthorized access to one of its electronic health record environments on March 16, 2026.
This intrusion lasted more than 8 hours, affecting access to certain systems within its CareCloud Health division before full restoration later that same day.
At this stage, the company has not confirmed whether any data was exfiltrated or what specific types of patient information may have been involved, and or how many individuals could be affected.
Across its network, CareCloud supports more than 45,000 healthcare providers across hospitals and medical practices, covering millions of patients, so even limited access can carry significant implications.
The company has stated that the attacker no longer has access and that all systems are now operational, while a forensic investigation continues.
Why It Matters: Unauthorized access to healthcare systems creates lasting risk because the data involved, including medical histories and insurance details, cannot be easily replaced or reset. This means any exposure can follow patients for years. When it remains unclear what was accessed, providers and patients are left without clear next steps, extending uncertainty and making it harder to contain potential harm. Even a short disruption or unanswered questions around data integrity can ripple into care delays, billing issues, and a loss of trust in the systems people rely on.
- Confirmed Intrusion with Unanswered Data Questions: Attackers accessed a system storing patient records for over 8 hours. CareCloud has not determined whether any data was copied, removed, or otherwise accessed in a way that creates exposure. The lack of clarity around what information may have been involved leaves open a range of potential risks.
- Limited System Impact with Unclear Architecture Details: The company stated that only 1 of 6 electronic health record environments was affected and that other platforms and divisions were not impacted. It has not explained how these environments are structured or whether they connect in ways that could extend access. This gap makes it harder to determine how far the intrusion may have reached.
- Temporary Disruption Highlights Operational Sensitivity: The intrusion caused a network disruption that affected functionality and limited access to data for several hours. Even a short outage can delay patient care and slow down routine operations within healthcare settings. These interruptions can also create lingering inefficiencies as systems return to normal and workflows catch up.
- Large Provider Network Expands Potential Exposure Range: CareCloud delivers software and services that support electronic health records and other operational needs for healthcare providers. Its customer base includes a large number of providers across a wide range of care settings. This reach means any confirmed exposure could affect a large number of patients.
- Active Investigation and Disclosure Obligations Underway: The company reported the incident to its cybersecurity insurer and brought in external specialists to conduct a forensic investigation. CareCloud also disclosed the incident in an SEC filing after determining it could have a material business impact, while stating that financial effects are not expected at this stage.
Healthcare tech firm CareCloud says hackers stole patient data – Bleeping Computer
Trusted insights for technology leaders
Our readers are CIOs, CTOs, and senior IT executives who rely on The National CIO Review for smart, curated takes on the trends shaping the enterprise, from GenAI to cybersecurity and beyond.
Subscribe to our 4x a week newsletter to keep up with the insights that matter.
