Share this article and save a life!
45,000 providers just found out their EHR was breached.
And the full damage still isn’t clear.
On March 16, 2026, CareCloud, a cloud-based EHR and practice management platform used widely by independent practices and specialty groups, suffered a significant cybersecurity breach. Patient records, billing data, and clinical documentation for providers across the country were potentially exposed.
This is not an isolated incident.
Healthcare was the most targeted industry for cyberattacks in 2025, and 2026 is on pace to be worse. According to the HHS Office for Civil Rights, healthcare data breaches affected more than 133 million individuals in 2023 alone. That number has grown every year since.
So why are we still so unprepared?
🔒 Here is what makes healthcare uniquely vulnerable:
Legacy EHR infrastructure built before modern threat environments existed.
Small and independent practices with zero dedicated cybersecurity staff.
Cloud migrations done at speed, without security architecture review.
Third-party vendor integrations that create back-door access points.
Insufficient encryption standards for data at rest in many systems.
For FQHCs and independent clinics, the risk is existential. These organizations don’t have a security operations center on speed dial. They have a front desk coordinator and an IT vendor who responds within 48 hours.
And the financial fallout is severe. The average cost of a healthcare data breach in 2025 reached $10.9 million, according to the IBM Cost of a Data Breach Report. That number includes regulatory penalties, breach notification, legal fees, and patient remediation costs that most smaller providers simply cannot absorb.
What should healthcare leaders be doing right now?
✅ Conduct a vendor risk audit of every third-party platform accessing your EHR.
✅ Verify your EHR vendor has SOC 2 Type II certification and current penetration testing.
✅ Implement multi-factor authentication across all clinical access points, not just administrative logins.
✅ Create an incident response plan before you need one, not after a breach hits.
✅ Understand your breach notification obligations under HIPAA and your state’s privacy laws.
The CareCloud breach is a wake-up call, but it should not be a surprise. Healthcare has underinvested in cybersecurity for decades while simultaneously becoming one of the most data-rich targets on the internet.
Every patient record is worth an estimated $250 to $1,000 on the dark web. That is 10 to 40 times the value of a stolen credit card number. Attackers know this. Healthcare leadership needs to start operating like they know it too.
Here is the uncomfortable truth: most healthcare organizations are one vendor vulnerability away from a crisis they are not financially or operationally prepared to survive.
Is cybersecurity finally getting the C-suite attention it deserves in your organization, or is it still treated as an IT department problem?
♻️ Repost if your patients deserve to know their health data is actually protected.
👉 Follow me for daily healthcare updates and get the deeper analysis in my free newsletter → https://lnkd.in/eJKFuB_p
Share this article and save a life!
Author:

CEO/Co-Founder @ Oatmeal Health | AI Lung Cancer Screening | Almost Became a Doctor | Engineer | Follow to Share What I’ve Learned Along the Way
I help patients get the care they need earlier, preventing late-stage cancer.
That’s been the throughline across three companies and almost 20 years in healthcare. At ReferralMD, we fixed broken referral networks so patients didn’t fall through the cracks. At Oatmeal Health, it’s lung cancer: building the diagnostic and screening infrastructure so the 85% of cases caught too late get caught early instead.
Today as CEO of Oatmeal Health, I lead a team embedding AI into radiology workflows to turn routine lung CT scans into reimbursable cancer risk assessments. We partner with FQHCs to reach underserved communities, and with health systems and payers to make early detection economically sustainable. Think HeartFlow or Cleerly, but for lungs.
Between companies, I advised at Techstars and Plug and Play, mentoring founders building in digital health. That experience shaped how I think about what separates companies that ship from companies that stall: distribution, reimbursement, and clinical trust, not just technology.
I’m a CancerX alumnus, a 3x healthcare founder, and someone who believes the biggest problems in cancer aren’t scientific. They’re operational.
We’re hiring mission-driven builders at Oatmeal Health. If you want to work on something that matters, reach out.
When I’m not working, I’m traveling, mentoring, and keeping up with one very energetic husky. 🐾
Substack – The Oatmeal Bite:
Millions of patients get less care because of who they are, where they live, or how they look. I’m fighting to change that. CEO @OatmealHealth, a startup built for the underserved. The Oatmeal Bite: intel for clinicians, investors, and advocates.
Jonathan Govette
CEO of Oatmeal Health
Substack:
https://oatmealhealthjonathangovette.substack.com/




