Cyberattack at CareCloud (CCLD) hits one EHR system but is contained

Rhea-AI Filing Summary

CareCloud, Inc. reports a material cybersecurity incident involving its CareCloud Health division. On March 16, 2026, a temporary network disruption affected 1 of its 6 electronic health record environments for about eight hours until functionality and data access were fully restored that evening.

The incident, believed to be caused by an unauthorized third party, appears contained to the CareCloud Health environment. CareCloud engaged a Big Four cyber response team, notified its cybersecurity insurer, and reported the matter to law enforcement. The company is still determining whether, and to what extent, patient information or other data was accessed or exfiltrated.

CareCloud states that, as of this report, the incident has not had a material impact on operations and is not reasonably likely to have a material impact on its financial condition or results of operations. It nevertheless deems the incident material due to the sensitivity of potentially affected data and potential remediation, legal, regulatory, notification, and reputational consequences.

Insights

Cybersecurity and risk analyst

CareCloud discloses a contained but material cyber incident with limited expected financial impact.

CareCloud describes an eight-hour disruption limited to 1 of 6 electronic health record environments in its CareCloud Health division. Operations and data access were restored the same day, and other platforms and systems are believed to be unaffected. The company quickly brought in a Big Four cyber response team and notified its cybersecurity insurer.

The company is still investigating whether patient information or other data in the affected environment was accessed or exfiltrated, which is the key remaining uncertainty. It labels the incident material mainly because of potential remediation, legal, regulatory, notification, and reputational consequences, not because of current operational or financial impact.

CareCloud currently believes the incident is not reasonably likely to have a material impact on its financial condition or results of operations, though the full impact is undetermined. Future updates may come through amended disclosures once the ongoing forensic investigation clarifies data exposure, notification obligations, and any regulatory responses.

false 0001582982 0001582982 2026-03-24 2026-03-24 0001582982 CCLD:CommonStockParValue0.001PerShareMember 2026-03-24 2026-03-24 0001582982 CCLD:Sec8.75SeriesBCumulativeRedeemablePerpetualPreferredStockParValue0.001PerShareMember 2026-03-24 2026-03-24 iso4217:USD xbrli:shares iso4217:USD xbrli:shares

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 8-K

CURRENT REPORT

Pursuant to Section 13 or 15(d) of the

Securities Exchange Act of 1934

Date of Report (Date of earliest event reported): March 24, 2026

CareCloud, Inc.

(Exact name of registrant as specified in its charter)

Delaware		001-36529		22-3832302
(State or other jurisdiction of incorporation)		(Commission File Number)		(IRS Employer Identification No.)

7 Clyde Road, Somerset, New Jersey 08873
(Address of principal executive offices, zip code)

(732) 873-5133

(Registrant’s telephone number, including area code)

Not Applicable
(Former name or former address, if changed since last report)

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:

☐	Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)
☐	Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)
☐	Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))
☐	Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))

Securities registered pursuant to Section 12(b) of the Act:

Title of each class		Trading Symbol(s)		Name of each exchange on which registered
Common Stock, par value $0.001 per share		CCLD		Nasdaq Global Market
8.75% Series B Cumulative Redeemable Perpetual Preferred Stock, par value $0.001 per share		CCLDO		Nasdaq Global Market

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).

Emerging growth company ☐

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Item 1.05 Material Cybersecurity Incidents.

On March 16, 2026, CareCloud, Inc. (the “Company”) experienced a temporary network disruption in its CareCloud Health division that partially impacted the functionality and data access to 1 of its 6 electronic health record environments for approximately 8 hours until the Company fully restored all functionality and data access during that evening. Upon discovery of this incident, the Company promptly reported the matter to its cybersecurity carrier and engaged a leading cyber response advisory team which is part of a Big Four accounting firm to perform external cybersecurity work and to assist with securing the environment, as well as to conduct a comprehensive IT forensic investigation to determine the nature and scope of this incident.

The Company further believes that the incident was contained to the CareCloud Health environment and did not affect the Company’s other platforms, divisions, systems, data or environments. The incident was contained on the day it was discovered. The Company believes that it has sufficient cybersecurity insurance coverage for any potential losses. The Company further believes that the incident was caused by an unauthorized third party who temporarily had access to the system. The Company has reported the matter to the appropriate law enforcement authorities.

The Company is continuing to investigate the nature and scope of the incident. The affected environment stores patient information, and the Company continues to assess whether, and the extent to which, patient information or other data was accessed or exfiltrated, and the categories and volume of any such data.

All affected systems have been fully restored, and the Company believes that the threat actor no longer has any access to the same. As part of its remediation efforts, the Company is working with its outside cybersecurity experts to further reinforce its information technology systems and to prevent future unauthorized access.

As of the date of this Current Report on Form 8-K, the incident has not had a material impact on the Company’s operations. On March 24, 2026, the Company nevertheless determined that the incident is material in light of the sensitivity of the potentially affected information and the potential consequences of the incident, including remediation and response costs, legal, regulatory and notification-related matters, and possible effects on patients, customers, counterparties, reputation and operations. The Company believes that the incident is not reasonably likely to have a material impact on the Company’s financial condition or results of operations but has not yet determined the full impact of the incident. To the extent any information required by Item 1.05(a) of Form 8-K was not determined or was unavailable at the time of this filing, the Company will amend this Current Report on Form 8-K as such information is determined or becomes available.

2

Cautionary Statement Regarding Forward-Looking Statements

This Current Report on Form 8-K contains forward-looking statements within the meaning of the federal securities laws, including statements regarding the scope of the incident, whether and to what extent patient information or other data was accessed or exfiltrated, the categories and volume of data affected, the effectiveness of the Company’s containment and remediation efforts, the Company’s assessment of notification obligations, and the actual and reasonably likely impact of the incident on the Company’s business, operations, financial condition and results of operations. These statements are based on current information, estimates and assumptions and are subject to risks and uncertainties. Actual results may differ materially from those expressed or implied by these forward-looking statements. Except as required by law, the Company undertakes no obligation to update these statements.

Item 9.01 Financial Statements and Exhibits.

(d) Exhibits

104 Cover Page Interactive Data File (embedded within the Inline XBRL document)

3

SIGNATURE(S)

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.

		CareCloud, Inc.
Date:	March 27, 2026	By:	/s/ Norman Roth
			Norman Roth
			Interim Chief Financial Officer and Corporate Controller

4

FAQ

What cybersecurity incident did CareCloud (CCLD) report in March 2026?

CareCloud reported a cybersecurity incident on March 16, 2026, causing a temporary disruption in 1 of its 6 electronic health record environments. The disruption lasted about eight hours until all functionality and data access were restored that evening, and other platforms are believed unaffected.

Did the CareCloud (CCLD) cybersecurity incident affect patient data?

The affected environment stores patient information, and CareCloud is still assessing whether, and to what extent, patient data or other information was accessed or exfiltrated. The company is evaluating the categories and volume of any impacted data as part of a comprehensive forensic investigation.

How has CareCloud (CCLD) responded to the March 2026 cyber incident?

CareCloud engaged a leading cyber response team from a Big Four accounting firm, notified its cybersecurity carrier, and reported the matter to law enforcement. It restored all affected systems, is reinforcing IT defenses with outside experts, and continues a detailed forensic investigation into the incident’s scope.

What impact does CareCloud (CCLD) expect from the cybersecurity incident on its business?

CareCloud states the incident has not had a material impact on operations and is not reasonably likely to have a material impact on financial condition or results. However, it deems the incident material given sensitive data involved and potential remediation, legal, regulatory, notification, and reputational consequences.

Why did CareCloud (CCLD) deem the cybersecurity incident material if operations were quickly restored?

CareCloud considers the incident material because of the sensitivity of potentially affected patient information and potential consequences, including remediation and response costs, legal and regulatory issues, notification obligations, and possible effects on patients, customers, counterparties, reputation, and operations, despite limited current operational impact.

Does CareCloud (CCLD) have insurance coverage related to the cyber incident?

CareCloud believes it has sufficient cybersecurity insurance coverage for potential losses related to the incident. This coverage is intended to help address costs such as investigation, remediation, and other incident-related expenses, although the full financial impact has not yet been determined.

Filing Exhibits & Attachments

4 documents

Other Documents

• EX-101 XBRL SCHEMA FILE 4.0 KB
• EX-101 XBRL DEFINITION FILE 28.4 KB
• EX-101 XBRL LABEL FILE 101.0 KB
• EX-101 XBRL PRESENTATION FILE 77.4 KB