Healthcare Tech Firm CareCloud Says Hackers Stole Patient Data

CareCloud, a healthcare technology company that provides cloud-based practice management and electronic health record software to medical practices, has disclosed that hackers stole patient data in a breach, according to a report by BleepingComputer published Monday. The company said an unauthorized party accessed its systems and exfiltrated data that included patient information. CareCloud serves physician practices, ambulatory surgery centers, and behavioral health providers across the United States, meaning the exposed data could affect patients across multiple medical disciplines. The specific categories of data stolen were not fully detailed in initial reporting. Healthcare breaches typically expose a combination of protected health information, personally identifiable information such as names and Social Security numbers, insurance details, and billing records. CareCloud processes payments and handles billing on behalf of its medical practice clients. CareCloud is publicly traded on the Nasdaq exchange under the ticker MTBC. The company reported approximately $150 million in annual revenue in its most recent filings. The breach adds to a sustained wave of cyberattacks targeting healthcare organizations. The sector has faced aggressive targeting by ransomware groups and data extortion actors in recent years, driven by the high value of medical records on criminal markets and the sector's historically underfunded cybersecurity posture. Change Healthcare, a subsidiary of UnitedHealth Group, suffered a landmark ransomware attack in February 2024 that disrupted prescription processing across the U.S. healthcare system and exposed records from an estimated 100 million patients. That incident accelerated regulatory attention to healthcare cybersecurity. CareCloud did not immediately respond to requests for additional detail, according to BleepingComputer.