📔 Topics ℹ️ About 📱 iOS App
Back to all stories
1st Lt. Coty Sicble, a health administrator with the North Dakota National Guard's 814th Army Support Medical Company based in Bismarck, gives a step-by-step narration to the audience at the simulated mass casualty exercise, Sept. 17 in Kinshasa, Democratic Republic of the Congo. U.S. Army photo b
Photo: US Army Africa from Vicenza, Italy | CC BY 2.0 | Wikimedia Commons

CareCloud Probes March 16 Breach of Electronic Health‑Record System

2h Developing 1 source 4 relevant data

CareCloud, a U.S. healthcare IT company that supports more than 45,000 medical providers, has disclosed a March 16 security breach in one of its environments that stores electronic health records, according to a filing with the Securities and Exchange Commission. The company says hackers had unauthorized access for more than eight hours before systems were restored the same day and believes the intruders have been removed from its network. CareCloud maintains that the incident was limited to a single environment and did not affect other systems, but investigators have not yet determined whether any patient data was exfiltrated or what types of information might be involved. Because CareCloud underpins back‑office systems many patients never see, security analysts warn that any confirmed data theft could fuel identity theft, insurance fraud and highly targeted scams across the country. The firm has hired outside cybersecurity experts and says its investigation is ongoing, as privacy advocates on social media continue pointing to this and the recent Change Healthcare attack as evidence that critical U.S. health infrastructure remains dangerously exposed.

Cybersecurity and Data Breaches U.S. Healthcare System

📌 Key Facts

  • CareCloud reported that attackers gained unauthorized access to one of its electronic health‑record environments on March 16 and remained inside for more than eight hours.
  • The company says it restored full system functionality and data access the same day and believes the attackers are no longer in its network.
  • CareCloud has not yet confirmed whether any patient data was stolen, but has retained outside cybersecurity experts and notified the SEC about the incident.

📊 Relevant Data

In 2024, the number of reported large healthcare data breaches in the US declined by 0.5% from 2023 to 725 incidents, but the number of affected individuals increased by 58% to over 140 million.

Healthcare Data Breach Statistics – Updated for 2026 — HIPAA Journal

Healthcare data is targeted by cybercriminals because medical records can sell for up to 10-50 times more than credit card information on the black market, due to their use in identity theft, insurance fraud, and creating fake medical claims.

Healthcare Data Breach Statistics 2025: Why Medical Records Are Worth 10x More Than Credit Cards — Patient Protect

Ransomware attacks have become the leading cause of healthcare data breaches in the US, accounting for over 50% of incidents from 2010 to 2024, with phishing and insider threats also significant contributors.

MSU study: Ransomware drives US health data breaches — Michigan State University Today

In identity theft cases overall in the US in 2025, Millennials accounted for 42% of victims, while individuals over 70 experienced higher median financial losses, though specific demographic breakdowns for medical identity theft are limited.

Identity Theft Statistics in 2026: Looking Into America's Fraud Problem — Security.org

📰 Source Timeline (1)

Follow how coverage of this story developed over time

April 07, 2026
5:22 PM
Healthcare data breach hits system storing patient records
Fox News