Healthcare technology giant CareCloud has admitted that hackers gained access to one of its stores of patient electronic medical records during a data breach earlier this month.
The disclosure document, filed last Friday with the U.S. Securities and Exchange Commission, said the company detected unauthorized access on March 16 to one of six environments where patient medical and health care records are stored. The company said the hackers had access to the medical records storage for more than eight hours, but it’s still unclear whether or what type of data was leaked by the hackers.
The health tech giant said it believed the hacker was no longer on its network after restoring its systems the same day and had hired an unspecified cybersecurity firm to investigate.
CareCloud did not say how many people were affected by the breach. The company provides healthcare technology, including electronic medical record storage, to more than 45,000 healthcare providers, including physicians in thousands of hospitals and clinics, and covers millions of patients, according to the company’s annual report to investors filed in early March.
Electronic health record providers are popular targets for financially motivated cybercriminals who steal personal data and demand a ransom not to release it. In 2024, Russian cybercriminals stole most of America’s medical records in a ransomware attack on Change Healthcare, leading to massive service outages and months-long health care delays.
It’s unclear whether the recent cyber attack on CareCloud resulted in data destruction or whether the hackers contacted the company with any demands. A CareCloud spokesperson did not respond to a request for comment. We also asked how CareCloud stores patient data, including whether it stores patient data across its six environments and whether some environments store backups of others. I’ll update if I get a response.
CareCloud’s public internet records show that much of the company’s files and data are hosted on Amazon Web Services.
CareCloud said in an SEC disclosure document that it determined on March 24 that the incident was significant enough to materially impact its business and that it was legally obligated to alert investors. CareCloud said the breach is unlikely to impact its financial position, but acknowledged that the investigation is still ongoing.
Do you know more about the CareCloud data breach? Do you work for CareCloud and know about its security practices? Contact this reporter via encrypted message at zackwhittaker.1337 on Signal.
Source link
