Health data giant CareCloud says hackers accessed patients’ medical records

Healthcare exertion elephantine CareCloud has confirmed that hackers accessed 1 of its stores of patients’ physics wellness records during a information breach earlier this month.

The disclosure, filed with the U.S. Securities and Exchange Commission past Friday, said the institution detected unauthorized entree connected March 16 to 1 of six environments wherever it stores patients’ aesculapian and healthcare records. The hackers had entree to this aesculapian records retention for much than 8 hours, the institution said, but that it was not yet known if the hacker exfiltrated immoderate data, oregon what types of information whitethorn person been stolen, if so.

The wellness tech elephantine said it believes the hackers are nary longer successful its web aft restoring its systems the aforesaid day, and has called successful an unspecified cybersecurity institution to investigate.

CareCloud did not accidental however galore radical were affected by the breach. The institution provides healthcare technology, including physics wellness records storage, for much than 45,000 providers, including doctors and physicians astatine thousands of hospitals and aesculapian practices, covering millions of patients, according to the company’s annual study to investors filed earlier successful March.

Electronic wellness grounds providers are affluent targets for financially motivated cybercriminals, which bargain idiosyncratic information and request a ransom to not people it. In 2024, Russian cybercriminals stole astir of America’s wellness records successful a ransomware onslaught connected Change Healthcare, starring to wide outages and delayed healthcare for months.

It’s not wide if the caller cyberattack connected CareCloud resulted successful immoderate information demolition oregon if the hackers person contacted the institution with immoderate demands. A spokesperson for CareCloud did not respond to a petition for comment. We besides asked however CareCloud stores diligent information crossed its six information stores, specified arsenic whether the institution stores patients’ information crossed its six environments oregon if immoderate of the environments store backups of the others. We volition update if we perceive back.

According to CareCloud’s nationalist net records, overmuch of the company’s files and information are hosted connected Amazon Web Services.

CareCloud said successful its SEC disclosure that it determined connected March 24 that the incidental was important capable to person a worldly interaction connected its concern and was legally required to alert its investors. CareCloud said the breach is improbable to impact the company’s fiscal position, but conceded that its probe remains nether way.

Do you cognize much astir CareCloud’s information breach? Do you enactment astatine CareCloud and cognize astir its information practices? Contact this newsman via encrypted connection astatine zackwhittaker.1337 connected Signal.