CareCloud hit by breach, patient health records at risk
Healthcare software provider CareCloud has experienced a “temporary network disruption,” partially impacting the functionality and data access to one of its electronic health environments.
The network disruption, which occurred on March 16th, lasted approximately eight hours and impacted one of CareCloud’s electronic health environments that stored patient health records.
Upon discovery of the incident, the company launched an investigation into its scope and nature with the help of external cybersecurity experts. The incident has also been reported to the company’s cybersecurity carrier and relevant law enforcement authorities.
IT experts have fully restored all functionality and data access during that evening. They believe that the incident was caused by “an unauthorized third party” who temporarily had access to the company’s system. So far, no extortion group has claimed responsibility.
“The company further believes that the incident was contained to the CareCloud Health environment and did not affect the Company’s other platforms, divisions, systems, data, or environments,” CareCloud says in an 8-K Filing addressed to the Securities and Exchange Commission (SEC).
As of writing, CareCloud can’t say for sure whether any sensitive or personal patient information has been exfiltrated, what categories, or what volume of data.
The healthcare software provider believes that all costs and potential losses of the security incident will be covered by its cybersecurity insurance. To date, the incident hasn’t had a material impact on the company’s operations.
CareCloud is an American healthcare IT company and software provider to hospitals and medical practices that serves over 45,000 providers. They offer electronic health record systems as well as digital revenue and business products. It employs around 3,650 workers and reported a revenue of $120.5 million last year.
Unlock more exclusive Cybernews content on YouTube.
