CareTracker, Inc. Data Breach Affects Patient PII & PHI

CareTracker, Inc., an organization that provides practice management software to medical practices and clinics, experienced a major data breach. The cybersecurity incident was disclosed to the U.S. Department of Health and Human Services on Aug. 18, 2025 and compromised both personal and protected health data.

The total number of impacted individuals has not been released, but is believed to include thousands of patients and multiple medical providers. CareTracker is widely used by physician practices and healthcare providers for scheduling, billing, insurance verification, and electronic medical records management.

Exposed information may include names, contact and demographic information, dates of birth, Social Security numbers, driver's license or state ID numbers, health insurance details, medical records and payment information. The breach was reported has a hacking incident and is considered severe, as unauthorized access to such data can lead to risks such as identity theft, insurance fraud, and privacy violations.

CareTracker's response

In addition to required state and federal disclosures, CareTracker will work to notify affected practices and their patients.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from CareTracker or your medical provider.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

More information about the company can be found on the CareTracker website.