CareCloud Discloses Material Data Breach Affecting Electronic Health Record Environment

CareCloud, Inc., a New Jersey-based healthcare technology provider, reported a material cybersecurity incident to the U.S. Securities and Exchange Commission (SEC) on March 16, 2026.

An attacker gained to a segment of the provider's network and caused a eight-hour service disruption and data breach for one of the company's six EHR environments. CareCloud's internal teams restored full access the same evening the incident was discovered. The company believes the breach was contained to this single environment and did not migrate to other platforms or corporate systems. The compromised environment stores sensitive patient data used by healthcare providers. 

The compromised data includes:

• Patient information
• Electronic health records (EHR)

The nature of the attack and the number of affected individuals is not disclosed. CareCloud hired a cyber response advisory team to conduct an investigation and secure the environment. The company notified law enforcement and its cybersecurity insurance carrier immediately. All affected systems were restored within eight hours of the initial disruption. 

Affected patients should review their medical billing statements for any unrecognized services and monitor their credit reports for suspicious activity.