The technology leader in healthcare, CareCloud, has announced that its patients’ electronic health records were compromised by hackers during a recent data breach this month.

The report, submitted to the U.S. Securities and Exchange Commission last Friday, indicated that unauthorized access was detected on March 16 within one of the six environments where the company keeps patients’ medical and healthcare records. According to the company, the hackers had unauthorized access to this medical records storage for over eight hours, although it is still unclear if any data was exfiltrated, or what specific data might have been taken, if at all.

The health technology company stated that it believes the hackers are no longer within its network after the systems were restored on the same day, and has engaged an undisclosed cybersecurity firm to conduct an investigation.

CareCloud did not specify how many individuals were impacted by the breach. The organization offers healthcare technology solutions, including electronic health records storage, for over 45,000 providers, including numerous doctors and healthcare professionals at thousands of hospitals and medical practices, thereby serving millions of patients, as reported in the company’s annual investor report submitted earlier in March.

Providers of electronic health records are lucrative targets for financially motivated cybercriminals, who steal personal information and threaten to release it unless a ransom is paid. In 2024, a ransomware attack by Russian cybercriminals resulted in the theft of a significant portion of America’s health records from Change Healthcare, causing extensive outages and delayed medical care for months.

It remains unclear whether the recent cyberattack on CareCloud led to any data destruction or if the hackers have made any demands to the company. A representative from CareCloud did not return a request for comment. We also inquired about how CareCloud manages patient data, such as whether the company distributes patient data across its six environments or if some of these environments function as backups for others. We will provide updates if we receive a response.

Based on CareCloud’s public internet records, a substantial portion of the company’s files and data are hosted on Amazon Web Services.

CareCloud noted in its SEC disclosure that on March 24, it concluded that the incident was significant enough to potentially impact its business materially and was legally obligated to inform its investors. The company stated that the breach is unlikely to influence its financial situation but acknowledged that its investigation is still ongoing.

Do you have more information regarding CareCloud’s data breach? Do you work at CareCloud and have insight into its security protocols? Reach out to this reporter through an encrypted message at zackwhittaker.1337 on Signal.