CareCloud, Inc., a publicly traded healthcare IT provider serving more than 40,000 medical providers across the United States, has confirmed a cybersecurity incident that resulted in unauthorized access to patient health information. The New Jersey-based company disclosed the breach in a March 27, 2026 filing with the U.S. Securities and Exchange Commission (SEC), stating that attackers gained access to one of its six electronic health record (EHR) environments on March 16.
The intrusion caused an 8 hour network disruption within the company’s CareCloud Health division before systems were fully restored that evening. CareCloud confirmed that the compromised environment contained patient health records for its healthcare customers, though the full scope of affected individuals remains under investigation. The company has engaged a Big Four accounting firm to conduct a comprehensive forensic investigation and is working to determine which specific data elements were accessed or exfiltrated during the breach.
Company Background
CareCloud provides cloud-based software-as-a-service (SaaS) solutions to more than 2,600 medical practices, hospitals, and health systems in all 50 states. The company offers a comprehensive platform that includes electronic health records, practice management software, revenue cycle management, patient experience management, and AI-driven clinical documentation tools. With approximately 4,000 employees worldwide, CareCloud trades on NASDAQ under the ticker symbol CCLD.
Incident Timeline and Response
According to the SEC filing, CareCloud detected the unauthorized access on March 16, 2026, and immediately began containment efforts. The company reported the incident to its cybersecurity insurance carrier and engaged external cybersecurity experts to secure the environment and conduct forensic analysis. All affected functionality and data access were restored within approximately 8 hours of the initial detection.
CareCloud emphasized that only one of its six EHR environments was impacted, with no evidence of compromise to other platforms, divisions, systems, or environments. The company confirmed that the threat actor no longer has access to its systems and that all affected services are fully operational.
Potential Data at Risk
- Patient names and demographic information
- Medical record numbers
- Diagnosis and treatment information
- Prescription and medication data
- Lab results and test information
- Health insurance details
- Provider notes and clinical documentation
Materiality Determination
In its SEC filing, CareCloud stated that as of March 24, 2026, the company determined the incident to be material due to the sensitivity of potentially affected information and the possible consequences for patients, customers, and the company’s reputation. The disclosure also cited potential costs related to remediation, response, legal matters, regulatory compliance, and required notifications.
Investigation Status
The forensic investigation is ongoing to determine the exact nature and scope of data accessed during the breach. CareCloud has not disclosed an estimated timeline for completing the investigation or when affected individuals will be notified. No ransomware group has publicly claimed responsibility for the attack, and the company has not indicated whether this was a ransomware incident or another form of cyberattack.
Healthcare Sector Targeting
This breach adds to a growing list of healthcare technology companies targeted by cybercriminals in 2026. Healthcare organizations remain high-value targets due to the sensitive nature of protected health information (PHI) and the critical operational impact of system disruptions.
CareCloud has stated it is implementing additional security measures to strengthen its infrastructure and prevent future incidents. The company continues to assess the full impact of the breach and has committed to notifying affected individuals once the investigation determines the scope of compromised data.
