Healthcare technology giant CareCloud has confirmed that hackers accessed one of its electronic patient health record stores during a data breach earlier this month.
THE Revelationfiled with the US Securities and Exchange Commission last Friday, said the company detected unauthorized access on March 16 to one of six environments where it stores patients’ medical and healthcare records. The hackers had access to that medical records storage for more than eight hours, the company said, but it was not yet known if the hacker leaked any data or what kind of data may have been stolen, if so.
The health tech giant said it believed the hackers were no longer on its network after restoring its systems the same day, and called in an unspecified cybersecurity firm to investigate.
CareCloud did not say how many people were affected by the breach. The company provides healthcare technology, including electronic health record storage, to more than 45,000 providers, including physicians and physicians in thousands of hospitals and practices, serving millions of patients, according to the company annual report to investors filed earlier in March.
Electronic health record providers are rich targets for financially motivated cybercriminals, who steal personal data and demand a ransom to keep it from being published. In 2024, Russian cybercriminals stole most of America’s health records in a ransomware attack on Change Healthcare, leading to widespread outages and delayed healthcare for months.
It is unclear if the recent cyber attack on CareCloud resulted in data destruction or if the hackers have contacted the company with any demands. A representative for CareCloud did not respond to a request for comment. We also asked how CareCloud stores patient data, such as whether the company stores patient data across its six environments or whether some of the environments back up the others. We will update if we have any news.
According to CareCloud’s public online filings, much of the company’s files and data are hosted on Amazon Web Services.
CareCloud said in its SEC disclosure that on March 24 it determined that the incident was significant enough to have a significant impact on its business and was legally required to notify its investors. CareCloud said the breach was unlikely to affect the company’s financial position, but admitted its investigation remains ongoing.
Know more about the CareCloud data breach? Do you work at CareCloud and are you aware of its security practices? Contact this reporter via encrypted message at zackwhittaker.1337 at Signal.
