CareCloud data breach overview:
- Who: Healthcare information technology company CareCloud disclosed a data breach in March to the U.S. Securities and Exchange Commission.
- Why: CareCloud told the SEC an unauthorized third party breached one of its electronic health record environments.
- Where: CareCloud is a data service used by medical providers and patients nationwide.
Healthcare information technology company CareCloud disclosed to the U.S. Securities and Exchange Commission in March that it suffered a data breach affecting one of its electronic health record environments.
According to the SEC report, CareCloud experienced a temporary network disruption in its CareCloud Health division on March 16 that “partially impacted the functionality and data access to 1 of its 6 electronic health record environments” for a period of approximately eight hours.
CareCloud was able to fully restore all functionality and data access that evening, according to the SEC, which said the company “promptly reported the matter to its cybersecurity carrier” and “engaged a leading cyber response advisory team.”
The company believes the data breach incident was caused by an unauthorized third party who temporarily had access to the system, according to the SEC.
CareCloud says data breach contained on same day it was discovered
CareCloud told the SEC that it believes the data breach was contained to its CareCloud Health environment and did not affect its other platforms, divisions, systems, data or environments, and that the incident was contained on the same day it was discovered.
All of the affected systems have since been fully restored, according to the SEC, which said the company believes the threat actor no longer has any access.
CareCloud is now working with outside cybersecurity experts to “further reinforce” its information technology systems “and to prevent future unauthorized access,” according to the SEC.
“The company is continuing to investigate the nature and scope of the incident. The affected environment stores patient information, and the company continues to assess whether, and the extent to which, patient information or other data was accessed or exfiltrated, and the categories and volume of any such data,” the SEC said.
Also in March, a consumer filed a class action lawsuit against Sony streaming service Crunchyroll over claims the company failed to protect the PII of 6.8 million users during a recent data breach.
Were you affected by the CareCloud data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
