Cookeville Medical Center Alerts Patients to 2025 Ransomware Attack
▼ Summary
– The Community Health of Middle Tennessee (CRMC) notified over 337,000 patients of a data breach.
– The breach was caused by the Rhysida ransomware gang, which stole sensitive information.
– Exposed data includes patient names, Social Security numbers, and medical details.
– The attack occurred in late 2023, but the public notification was made in early 2024.
– CRMC is offering affected individuals free credit monitoring and identity theft protection services.
A major healthcare provider in Tennessee has begun notifying hundreds of thousands of patients that their personal information was compromised in a ransomware attack last year. Cookeville Regional Medical Center (CRMC) confirmed that an unauthorized party gained access to its network in late 2025, deploying the Rhysida ransomware to encrypt files and steal data.
The incident, which occurred on December 23, 2025, was discovered by the hospital’s IT security team the following day. An immediate investigation was launched, involving third-party cybersecurity experts to contain the breach and assess its scope. The forensic analysis concluded in early April 2026, revealing that the attackers accessed a system containing a wide array of protected health information (PHI).
The compromised data is extensive and highly sensitive. For over 337,000 affected individuals, the exposed information includes full names, addresses, dates of birth, and Social Security numbers. Medical details were also taken, such as diagnosis and treatment information, medical record numbers, and health insurance details. This type of data breach poses a significant risk of identity theft and medical fraud for the victims.
In its notification letters, CRMC stated it found no evidence that the stolen information has been misused. However, the hospital is offering complimentary credit monitoring and identity protection services for two years to all impacted individuals as a precautionary measure. Patients are advised to remain vigilant by reviewing their account statements and credit reports for any suspicious activity.
The Rhysida ransomware gang, known for its double-extortion tactics, typically steals data before encrypting systems and then threatens to publish the information unless a ransom is paid. CRMC has not disclosed whether a ransom was demanded or paid. The hospital has reported the incident to law enforcement, including the FBI, and is taking steps to bolster its cybersecurity defenses to prevent future attacks.
This event underscores the persistent and severe threat that cybercriminals pose to the healthcare sector, where safeguarding patient data is both a critical obligation and a constant challenge.
(Source: Infosecurity Magazine)
