45,000 providers just found out their EHR was breached.
And the full damage still isn’t clear.
On March 16, 2026, CareCloud, a cloud-based EHR and practice management platform used widely by independent practices and specialty groups, suffered a significant cybersecurity breach. Patient records, billing data, and clinical documentation for providers across the country were potentially exposed.
This is not an isolated incident.
Healthcare was the most targeted industry for cyberattacks in 2025, and 2026 is on pace to be worse. According to the HHS Office for Civil Rights, healthcare data breaches affected more than 133 million individuals in 2023 alone. That number has grown every year since.
So why are we still so unprepared?
🔒 Here is what makes healthcare uniquely vulnerable:
Legacy EHR infrastructure built before modern threat environments existed.
Small and independent practices with zero dedicated cybersecurity staff.
Cloud migrations done at speed, without security architecture review.
Third-party vendor integrations that create back-door access points.
Insufficient encryption standards for data at rest in many systems.
For FQHCs and independent clinics, the risk is existential. These organizations don’t have a security operations center on speed dial. They have a front desk coordinator and an IT vendor who responds within 48 hours.
And the financial fallout is severe. The average cost of a healthcare data breach in 2025 reached $10.9 million, according to the IBM Cost of a Data Breach Report. That number includes regulatory penalties, breach notification, legal fees, and patient remediation costs that most smaller providers simply cannot absorb.
What should healthcare leaders be doing right now?
✅ Conduct a vendor risk audit of every third-party platform accessing your EHR.
✅ Verify your EHR vendor has a current SOC 2 Type II attestation report and current penetration testing.
✅ Implement multi-factor authentication across all clinical access points, not just administrative logins.
✅ Create an incident response plan before you need one, not after a breach hits.
✅ Understand your breach notification obligations under HIPAA and your state’s privacy laws.
The CareCloud breach is a wake-up call, but it should not be a surprise. Healthcare has underinvested in cybersecurity for decades while simultaneously becoming one of the most data-rich targets on the internet.
Every patient record is worth an estimated $250 to $1,000 on the dark web. That is 10 to 40 times the value of a stolen credit card number. Attackers know this. Healthcare leadership needs to start operating like they know it too.
Here is the uncomfortable truth: most healthcare organizations are one vendor vulnerability away from a crisis they are not financially or operationally prepared to survive.
Is cybersecurity finally getting the C-suite attention it deserves in your organization, or is it still treated as an IT department problem?
Author:

Jonathan Govette is a seasoned healthcare and technology executive with more than two decades of experience building, scaling, and advising digital health companies. He is the Co-Founder and CEO of Oatmeal Health, an AI-driven Lung Cancer Screening and Diagnostics company focused on expanding access to early detection for underrepresented populations, particularly patients served by Federally Qualified Health Centers and value-based health plans.
With a background in engineering, product development, and strategic partnerships, Jonathan has founded and led multiple health technology ventures across clinical care delivery, regulated medical software, and AI-enabled diagnostics. His work sits at the intersection of medicine, technology, and health equity, with a consistent focus on translating complex clinical problems into scalable, real-world solutions.
Jonathan has spent much of his professional life dedicated to improving outcomes for marginalized and underserved communities. He has designed and implemented frameworks that align clinical quality, reimbursement, and technology to sustainably advance health equity at scale. This mission is deeply personal and informs his leadership philosophy and long-term vision for healthcare transformation.
In addition to his operating experience, Jonathan is an author and long-time writer in the healthcare domain, with over 20 years of published work covering digital health, medical innovation, and healthcare systems. He is a frequent mentor to early-stage founders and regularly advises startups on product strategy, partnerships, and go-to-market execution in regulated healthcare environments.
Before entering industry full-time, Jonathan nearly pursued a career in medicine with an early path toward cardiothoracic surgery, an experience that continues to shape his clinical perspective and respect for frontline care delivery.