Healthcare technology solutions provider CareCloud (Nasdaq: CCLD) has disclosed a cybersecurity incident that may have resulted in patient information compromise.
CareCloud is a New Jersey-based publicly traded company that offers cloud-based software solutions to medical practices, clinics, and hospitals, including for electronic health records, revenue cycle management, practice management, and patient engagement.
In a March 27 filing with the SEC, the company said its network was temporarily disrupted on March 16 due to a cybersecurity incident.
Functionality and data access to one of its six electronic health record environments was affected for roughly 8 hours.
The investigation into the incident is ongoing, with CareCloud attempting to determine whether the hacker accessed or exfiltrated any of the patient information or other data stored in the compromised environment.
CareCloud said the cybersecurity incident was limited to its CareCloud Health environment and “did not affect other platforms, divisions, systems, data or environments”.
The company’s assessment at the time of the filing was that the incident did not have a material impact and that any potential losses should be covered by cyberinsurance.
The cyberattack was reported to the SEC due to the sensitivity of the potentially compromised information and the possible consequences of the incident, such as reputational damage, legal and regulatory requirements, and incident response costs.
“All affected systems have been fully restored, and the Company believes that the threat actor no longer has any access to the same,” CareCloud stated.
No known ransomware group appears to have taken credit for an attack on CareCloud at the time of writing, but if it was indeed a profit-driven cybercrime gang it may only name the company on its leak website after it deems that negotiations have failed or stalled.
SecurityWeek has reached out to the company for additional details.
Related: European Commission Reports Cyber Intrusion and Data Theft
Related: Hightower Holding Data Breach Impacts 130,000
Related: Extortion Group Claims It Hacked AstraZeneca
Related: HackerOne Employee Data Exposed in Massive Navia Breach
