Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Healthcare technology giant CareCloud has confirmed that hackers gained access to one of its stores for patient electronic health records during a data breach earlier this month.
the RevealThe company discovered unauthorized access on March 16 to one of six environments in which it stores patients’ medical and healthcare records, the company said in its filing with the US Securities and Exchange Commission last Friday. The company said the hackers were able to access the medical records store for more than eight hours, but it is not yet known whether the hacker leaked any data, or what types of data may have been stolen, if so.
The health tech giant said it believed the hackers were no longer in its network after its systems were restored the same day, and called on an unspecified cybersecurity firm to investigate.
CareCloud did not say how many people were affected by the hack. The company provides healthcare technology, including electronic health record storage, to more than 45,000 providers, including physicians and clinicians at thousands of hospitals and medical practices, covering millions of patients, according to the company report. Annual report to investors Filed earlier in March.
EHR providers are rich targets for financially motivated cybercriminals, who steal personal data and demand ransoms for not publishing it. In 2024, Russian cybercriminals stole most of America’s health records at once Ransomware attack on Change HealthcareThis led to widespread service outages and healthcare delays for several months.
It’s not clear whether the recent cyberattack on CareCloud destroyed any data or whether hackers have contacted the company to make any demands. A CareCloud spokesperson did not respond to a request for comment. We also asked how CareCloud stores patient data, such as whether the company stores patient data across its six environments or whether some environments store backups of others. We’ll update if we hear back.
According to CareCloud’s public internet records, much of the company’s files and data are hosted on Amazon Web Services.
CareCloud said in its SEC filing that it determined on March 24 that the incident was significant enough to have a material impact on its business and was legally required to alert its investors. CareCloud said the hack was unlikely to impact the company’s financial situation, but acknowledged that its investigations were still ongoing.
Do you know more about the CareCloud data breach? Do you work at CareCloud and know its security practices? Contact this reporter via encrypted message at zackwhittaker.1337 on Signal.