Breach taxonomy
Summary
On March 16, 2026, CareCloud experienced a network disruption in its CareCloud Health division caused by an unauthorized third party that temporarily had access to one of its six electronic health record environments. The affected EHR environment had partially impaired functionality and data access for approximately 8 hours before all systems were fully restored that evening. Patient information is stored in the affected environment; the company is continuing to investigate whether patient data was accessed or exfiltrated. On March 24, 2026, the company determined the incident was material.
Tagging rationale
Threat: Unknown
Filing refers to "an unauthorized third party" with no actor category or attribution disclosed → UNKNOWN.
Methods: System Outage
Filing describes a "temporary network disruption" that "partially impacted the functionality and data access" of an EHR environment for approximately 8 hours following unauthorized access → SYSTEM-OUTAGE. No ransomware or data exfiltration is confirmed.
Assets: Personal Data, Revenue Process
Filing states the affected EHR environment "stores patient information" and that one of six electronic health record environments — a revenue-generating clinical platform — was impacted → PERSONAL-DATA (primary) + REVENUE-PROCESS.
Effects: Biz Interruption
Filing discloses approximately 8 hours of partial functional impairment to one of six EHR environments before restoration → BIZ-INTERRUPTION. Data access/exfiltration remains under investigation, so INFO-PRIVACY-LOSS is not yet established.
Business continuity: Effective
Filing states all affected systems were "fully restored" within approximately 8 hours on the same day the incident was discovered and that the threat actor no longer has access → Effective.
Impact
Eight-hour partial outage of 1 of 6 EHR environments, fully restored same day, no confirmed data loss, insurance coverage available — contained, minimal impact → score 1.
Insurance: Yes
Filing states "The Company believes that it has sufficient cybersecurity insurance coverage for any potential losses" and that it reported the matter to its cybersecurity carrier → true.
Original SEC filing excerpt
Item 1.05 Material Cybersecurity Incidents. On March 16, 2026, CareCloud, Inc. (the "Company") experienced a temporary network disruption in its CareCloud Health division that partially impacted the functionality and data access to 1 of its 6 electronic health record environments for approximately 8 hours until the Company fully restored all functionality and data access during that evening. Upon discovery of this incident, the Company promptly reported the matter to its cybersecurity carrier and engaged a leading cyber response advisory team which is part of a Big Four accounting firm to perform external cybersecurity work and to assist with securing the environment, as well as to conduct a comprehensive IT forensic investigation to determine the nature and scope of this incident. The Company further believes that the incident was contained to the CareCloud Health environment and did not affect the Company's other platforms, divisions, systems, data or environments. The incident was contained on the day it was discovered. The Company believes that it has sufficient cybersecurity insurance coverage for any potential losses. The Company further believes that the incident was caused by an unauthorized third party who temporarily had access to the system. The Company has reported the matter to the appropriate law enforcement authorities. The Company is continuing to investigate the nature and scope of the incident. The affected environment stores patient information, and the Company continues to assess whether, and the extent to which, patient information or other data was accessed or exfiltrated, and the categories and volume of any such data. All affected systems have been fully restored, and the Company believes that the threat actor no longer has any access to the same. As part of its remediation efforts, the Company is working with its outside cybersecurity experts to further reinforce its information technology systems and to prevent future unauthorized access. 
As of the date of this Current Report on Form 8-K, the incident has not had a material impact on the Company's operations. On March 24, 2026, the Company nevertheless determined that the incident is material in light of the sensitivity of the potentially affected information and the potential consequences of the incident, including remediation and response costs, legal, regulatory and notification-related matters, and possible effects on patients, customers, counterparties, reputation and operations. The Company believes that the incident is not reasonably likely to have a material impact on the Company's financial condition or results of operations but has not yet determined the full impact of the incident.