CareCloud said an unauthorized third party briefly disrupted one of its six electronic health record environments on March 16. Access was restored that evening, and investigators are assessing possible patient data exposure.
In a March 27 SEC filing, the Somerset, New Jersey-based company said an unauthorized third party temporarily accessed part of its CareCloud Health division on March 16, partially disrupting functionality and data access in one of six electronic health record environments for about eight hours before full restoration that evening. The company said it notified its cyber insurer, engaged outside cyber-response specialists and reported the matter to law enforcement.
CareCloud said it believes the incident was contained to that single CareCloud Health environment and that its other platforms, divisions, systems and data environments were not affected. The company said the affected environment stores patient information and that it is still assessing whether data was accessed or exfiltrated, including the categories and volume involved. It also said the actor no longer has access and that remediation is underway.
There is no public evidence linking CareCloud’s incident to Vanderbilt University Medical Center’s outage the same day. Vanderbilt told Becker’s the disruption was not tied to a cyberattack or ransomware event, and public accounts varied, with reports pointing to Epic or to software upgrades, suggesting a separate technical issue rather than any known connection to CareCloud.
CareCloud provides cloud-based software, revenue-cycle management and related services to healthcare providers nationwide. In its 2024 annual report, the company said it served about 40,000 providers across roughly 2,600 independent medical practices and hospitals in all 50 states.
The incident fits a broader pattern of cyberattacks affecting healthcare vendors beyond hospitals themselves. Recent incidents at medical technology companies including Stryker and Masimo underscore how attacks on software, service and equipment providers can create operational risk across the healthcare sector.
CareCloud said the incident had not materially affected operations as of the filing date, but said it deemed the matter material because of the sensitivity of potentially affected patient information and the possibility of remediation, notification, legal, regulatory and reputational consequences. More disclosures or notifications could follow if the review confirms data access or exfiltration.