CareCloud Network Disruption Affects EHR Functionality
In a Friday regulatory filing, CareCloud said, "On March 16, CareCloud, experienced a temporary network disruption in its CareCloud Health division that partially impacted the functionality and data access to 1 of its 6 electronic health record environments for approximately 8 hours until the Company fully restored all functionality and data access during that evening. Upon discovery of this incident, the Company promptly reported the matter to its cybersecurity carrier and engaged a leading cyber response advisory team which is part of a Big Four accounting firm to perform external cybersecurity work and to assist with securing the environment, as well as to conduct a comprehensive IT forensic investigation to determine the nature and scope of this incident. The Company further believes that the incident was contained to the CareCloud Health environment and did not affect the Company's other platforms, divisions, systems, data or environments. The incident was contained on the day it was discovered. The Company believes that it has sufficient cybersecurity insurance coverage for any potential losses. The Company further believes that the incident was caused by an unauthorized third party who temporarily had access to the system. The Company has reported the matter to the appropriate law enforcement authorities.The Company is continuing to investigate the nature and scope of the incident. The affected environment stores patient information, and the Company continues to assess whether, and the extent to which, patient information or other data was accessed or exfiltrated, and the categories and volume of any such data. All affected systems have been fully restored, and the Company believes that the threat actor no longer has any access to the same. As part of its remediation efforts, the Company is working with its outside cybersecurity experts to further reinforce its information technology systems and to prevent future unauthorized access."
