The Cookeville Regional Medical Center (CRMC) in Tennessee experienced a significant data breach following a ransomware attack last year. This cybersecurity incident has affected the personal data of over 337,000 individuals.
Details of the Cybersecurity Breach
On July 14, 2025, CRMC discovered a network intrusion. An investigation revealed that sensitive files had been accessed and stolen in the days leading up to this discovery. The compromised data includes personal and sensitive information such as names, birth dates, addresses, Social Security numbers, driver’s license numbers, financial details, medical records, and health insurance information.
The breach notice was posted on the medical center’s website, emphasizing the wide range of services CRMC offers through its 289-bed hospital and outpatient facilities.
Ransomware Group’s Involvement
The Rhysida ransomware group claimed responsibility for this attack, listing the healthcare organization on its leak site in August 2025. The hackers initially attempted to sell the stolen data for 10 bitcoin, equivalent to approximately $1 million at the time. However, they later reported the failure to find a buyer and subsequently made the data available for free download. The group claims to have exfiltrated over 370,000 files, totaling 500 GB of data.
Despite this, CRMC has stated that there is no concrete evidence indicating that the stolen information has been misused. Nonetheless, the potential for misuse remains high, considering the nature of data involved.
Implications and Protective Measures
The exposure of such sensitive data poses a significant risk of identity theft and other forms of fraud. To mitigate these risks, the medical center is offering identity theft protection services to those individuals whose Social Security or driver’s license numbers were compromised.
This incident highlights the critical importance of robust cybersecurity measures within the healthcare sector, where sensitive patient information is frequently targeted by cybercriminals. As healthcare organizations continue to face similar threats, the need for rigorous security protocols and rapid response strategies becomes increasingly essential.
For further insights, related incidents include a cyberattack causing disruption at a Massachusetts hospital and a data breach affecting 250,000 individuals at Nacogdoches Memorial Hospital. Additionally, the healthcare IT platform CareCloud is currently investigating a potential data breach.
