HEALTHCARE IT platform CareCloud has disclosed a cybersecurity incident that may have affected patient information in one of its electronic health record environments. In a March 27 filing with the SEC, the company said its network was temporarily disrupted on March 16 due to a cybersecurity incident, with functionality and data access in one of six electronic health record environments affected for roughly eight hours.
The investigation is ongoing to determine whether any patient information or other data was accessed or exfiltrated from the compromised environment, and CareCloud emphasised that the incident was limited to its CareCloud Health environment and did not affect other platforms, divisions, systems, data or environments. The company’s assessment at the time of the filing was that there was no material impact and that any potential losses should be covered by cyberinsurance.
All affected systems have been fully restored, and according to the company, the threat actor no longer has any access to the same, with no known ransomware group credit at the time of writing. according to SEC