On March 16, 2026, CareCloud (a Somerset, NJ-based healthcare IT company) detected unauthorized access to one of its six EHR environments. The threat actor had access for approximately 8 hours before CareCloud contained and restored the environment the same evening. CareCloud filed an SEC notification and is investigating the full scope. CareCloud provides services to more than 45,000 medical providers across the US, meaning millions of patients may have had names, Social Security numbers, insurance details, and medical records exposed. The company has not confirmed how many clients or individuals were affected; notifications will follow once the investigation is complete. No threat actor has claimed responsibility.