CareCloud confirmed a major data breach on March 16, 2026, when hackers accessed one of its six EHR systems in the CareCloud Health division, serving 45,000+ U.S. doctors and clinics. The eight-hour outage disrupted medical services nationwide, with a forensic investigation underway to check if patient PHI—like histories and IDs—was stolen. SEC 8-K filing reveals quick containment, but no affected numbers yet; HIPAA notifications loom.
On March 27, CareCloud filed an 8-K report with the SEC revealing that an unnamed third party had accessed one of its EHR systems. The company quickly restored the system and contained the threat, though a forensic investigation is still underway. Authorities are now working to establish whether the sensitive patient data — medical history, personal identifiers and other information — was compromised or stolen. The total number of people affected has not yet been revealed.
This would be a huge blow for CareCloud. Headquartered in New Jersey, the publicly traded company has a gross income of $120.5 million and sells electronic health record (EHR) and practice management software. The hackers kept the data accessible for eight hours, bringing a significant disruption to the clinics that rely on the company’s services. The incident has been reported to law enforcement, cyber insurance providers and third-party cybersecurity experts. The company maintains that its other platforms are secure.
Healthcare data breaches are becoming more frequent. It was in 2026 the industry was rocked by temple shaking attacks of Change Healthcare and UnitedHealth. CareCloud has Business Associate Agreements (BAA) and is thus subject to HIPAA. By law, the firm must alert affected patients within 60 day of the event. If data exfiltration is involved in this case, the Protected Health Information (PHI) of potentially hundreds of thousands of people may be compromised.
What I can find of CareCloud’s history, the company has been cloud-based since 2009. Its platforms support remote access, medical billing and telemedicine services. But cyber threats have grown increasingly perilous, with attacks like ransomware and phishing all too common. The company has since increased its security protocols, but rebuilding trust is no easy feat.
What does this mean, and what can be done? Clinics that were affected should change passwords, and check their Two-Factor Authentication (2FA) settings. They advised patients to sign up for credit monitoring services. CareCloud has made updates to its clients, but we need more transparency on this one. This event highlights a need for the healthcare IT sector that strikes painfully close to home — specifically, it speaks to the urgency of “cyber hygiene” (regular security audits and employee testing) and AI-based threat detection systems.
The stock market is also affected by the incident, with CareCloud’s shares in decline, and it is also estimated to cost between $10 million and $50 million financial losses through data breach. However, the company has stressed that its business activities continue as normal. The entire industry must work together in a concerted effort to prevent attacks like these moving forward.
CareCloud and other companies serve as custodians of patient data. This incident is an alarming reminder that security should be a priority across the digital health ecosystem. More information about the continuing search will follow.
