CareCloud Confirms Data Breach Exposing Patients' Medical Records

Health technology giant CareCloud has confirmed a data breach exposing patients' electronic health records, with hackers accessing sensitive information for over eight hours.

CareCloud, a leading provider of healthcare technology, including electronic health records storage, has confirmed a data breach that exposed patients' medical records. The company detected unauthorized access to one of its stores of patients' electronic health records on March 16, with hackers maintaining access for over eight hours. The breach is currently under investigation, with CareCloud calling in an unspecified cybersecurity firm to restore its systems.

• CareCloud provides healthcare technology to over 45,000 providers, including doctors and physicians at thousands of hospitals and medical practices, covering millions of patients.
• The company stores patients' data across its six environments, with some environments storing backups of the others.
• It's unclear if the hackers exfiltrated any data or what types of data may have been stolen.
• CareCloud has not disclosed how many people were affected by the breach.

"We believe the hackers are no longer in our network after restoring our systems the same day," a spokesperson for CareCloud said in a statement.

CareCloud's disclosure comes as the healthcare industry continues to grapple with the threat of cyberattacks. In 2024, Russian cybercriminals stole most of America's health records in a ransomware attack on Change Healthcare, leading to widespread outages and delayed healthcare for months.

The company has assured its investors that the breach is unlikely to affect its financial position, but the investigation remains ongoing. CareCloud has not commented on whether the hackers have contacted the company with any demands.

How CareCloud Stores Patient Data

CareCloud's public internet records reveal that much of the company's files and data are hosted on Amazon Web Services. However, it's unclear whether the company stores patients' data across its six environments or if some of the environments store backups of the others.

Investigation Ongoing

CareCloud has called in an unspecified cybersecurity firm to investigate the breach and restore its systems. The company has assured its investors that the breach is unlikely to affect its financial position, but the investigation remains ongoing.

"We will update if we hear back from CareCloud regarding their storage practices," a spokesperson for the company said.