CareCloud Data Breach: Hackers Stole Patient Accessed Infrastructure

A prominent healthcare technology provider has formally disclosed a significant cybersecurity incident. The breach involved unauthorized access to its IT infrastructure.

An unauthorized actor compromised one of the company’s electronic health record (EHR) systems, raising concerns over possible exposure of sensitive patient data.

The security breach initially unfolded on March 16, 2026. The intrusion caused a temporary network disruption specifically targeting the CareCloud Health division.

The cyberattacks partially disrupted functionality and limited data access in one of the company’s six EHR environments, but the incident response team contained the threat the same day it was detected.

CareCloud Cyberattack

CareCloud swiftly activated its incident response protocols and fully restored system operations and data access by the evening of March 16, limiting downtime to about eight hours.

The healthcare technology firm immediately reported the security breach to appropriate law enforcement agencies and notified its cybersecurity insurance carrier.

To determine the full scope of the intrusion, CareCloud engaged a prominent cyber response advisory team from a Big Four accounting firm.

These external forensic experts are currently conducting a comprehensive technical investigation to trace the attackers’ network movements and identify the initial access vector.

While the threat actors have been completely locked out of the network, the forensic investigation remains active. The compromised IT environment primarily stores patient health records.

Security researchers are systematically assessing the infrastructure to determine whether the hackers successfully accessed or exfiltrated this protected health information.

The forensic team is working to categorize the exact volume and types of sensitive data exposed during the eight-hour window.

Despite the swift containment, CareCloud officially classified the cyberattack as a material incident on March 24, 2026, under the SEC’s Item 1.05 disclosure rules.

The company reached this conclusion due to the highly sensitive medical data stored on the affected servers, as noted in a Form 8-K filing.

CareCloud executives noted that while the breach has not materially impacted current financial operations, the potential downstream consequences necessitate public disclosure.

These consequences include anticipated remediation costs, stringent regulatory notification requirements, and possible reputational damage among patients and business counterparties.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.