CARECLOUD notifies the SEC after attack on one of its EHR environments, detailing a temporary disruption that affected 1 of its 6 electronic health record environments for about eight hours on 16 March 2026, with access restored that evening, according to DysruptionHub.
The SEC filing, dated 27 March 2026, notes that an unauthorized third party briefly accessed part of the CareCloud Health division on 16 March 2026, partially disrupting functionality and data access in the affected environment before full restoration that night.
The company said all affected systems have been fully restored and that the incident was contained on the day it was discovered; its notification to the SEC states there is no material impact at this time but that the incident is being treated as material due to the sensitivity of potentially compromised information and related costs.
CareCloud reported it engaged its cybersecurity carrier and a leading cyber response advisory team from a Big Four firm to perform external work and a comprehensive IT forensic investigation, and to reinforce the environment against future unauthorized access. No threat actor or group has claimed responsibility for the attack at this time, and the incident is the subject of ongoing investigation.