Healthcare IT firm CareCloud said hackers accessed its systems on March 16, exposing sensitive patient data and disrupting one electronic health record environment for about eight hours before service was restored.
KEY FACTS
- Incident Unauthorized access hit one of six EHR environments.
- Impact The disruption affected functionality and data access for about eight hours.
- Response The company brought in outside cyber response and forensic investigators.
- Unknowns The number of affected individuals and the data types accessed are still under review.
In an SEC filing, the New Jersey-based company said the intrusion occurred in its CareCloud Health division and partially affected one of its six electronic health record environments. The company said all functionality and data access were fully restored that evening.
CareCloud said it reported the issue to its cybersecurity carrier and brought in a cyber response advisory team from a Big Four accounting firm to help secure the environment and carry out a forensic investigation. The disclosure said the attacker no longer has access to the database.
The company said there was no impact on other platforms, divisions, systems or environments. It is still determining which types of data were accessed or taken, and how many people may be affected.
WHY IT MATTERS
The case shows how even a limited intrusion at a healthcare technology provider can disrupt access to patient records and trigger a broader privacy review. The final scope of the exposure will depend on the forensic findings.