186/69 Wednesday, April 1, 2026
CareCloud, Inc., a healthcare company based in New Jersey, disclosed in a filing with the U.S. Securities and Exchange Commission (SEC) that it detected a system intrusion on March 16, 2026. The incident caused a temporary disruption to CareCloud Health services for approximately eight hours. It impacted one of the company’s six electronic health record (EHR) systems, affecting operations and data access before full recovery was completed later that same day.
Following the detection, the company notified its cyber insurance provider and engaged external incident response experts to secure systems and conduct digital forensic investigations. Preliminary findings indicate that access was limited in scope; however, CareCloud confirmed that one of the EHR systems containing patient records was accessed. The company is still assessing the extent of the breach and has not yet determined the number of affected individuals or the specific types of data that may have been accessed or exfiltrated.
CareCloud stated that the threat actors no longer have access to its systems and that other platforms, business units, and services were not affected. The impacted system has been fully restored, and the company is working with external specialists to strengthen its security posture and prevent similar incidents in the future. As of now, no ransomware group has claimed responsibility for the attack.