CareCloud Healthcare Software Breach Exposes Patient Data in Potential Leak Healthcare software provider CareCloud disclosed a cybersecurity incident that may have exposed patient electronic health records (EHR) after hackers breached one of its systems. The company filed a notice with the Securities and Exchange Commission (SEC) on March 24, revealing that a March 16 network disruption temporarily compromised an EHR environment for eight hours. An investigation confirmed that an unauthorized actor gained access to the system, though the extent of data exposure remains under assessment. CareCloud, which serves over 45,000 healthcare providers and reported $120.5 million in revenue last year, stated it is still determining whether patient information was accessed or exfiltrated, including the volume and categories of affected data. The company has not disclosed the number of impacted individuals. The incident was initially reported to law enforcement but was later deemed "material" due to the sensitivity of the data and potential consequences, including remediation costs, legal and regulatory fallout, reputational damage, and operational disruptions. Only one of six EHR environments was affected, and no other CareCloud platforms were compromised. No hacking group has claimed responsibility as of March 27. This breach follows a string of recent attacks on healthcare technology firms, including: - Insightin, where 1.1 million records were stolen in a September 2023 incident reported earlier this month. - TriZetto Provider Solutions, which exposed 3 million records in a 2024 breach. - Episource, where 5 million individuals were affected by a separate attack this year. CareCloud has not responded to requests for further details. The investigation into the breach is ongoing.