In a concerning development, Cookeville Regional Medical Center (CRMC) in Tennessee has confirmed that the personal and medical data of over 337,000 patients has been compromised due to a ransomware attack that occurred in July 2025. This unfortunate incident has raised alarms regarding the security of health data within U.S. healthcare systems.
The hospital, a 309-bed facility, began sending data breach notifications on April 14, 2026, nearly nine months after the unauthorized intrusion was first detected. According to an official filing with the Maine Attorney General’s Office, an unauthorized party accessed or acquired sensitive files between July 11 and July 14, 2025. The breach affected a total of 337,917 individuals.
An Overview of the Rhysida Attack
The attack was attributed to a ransomware-as-a-service group known as Rhysida, which emerged in May 2023 and has links to Russia. On August 2, 2025, Rhysida took responsibility for the attack, demanding a ransom of 10 Bitcoin, equivalent to approximately $1.15 million at the time. The cybercriminal organization even went as far as posting samples of the stolen files on its dark web leak site. It remains uncertain whether any ransom was paid by CRMC in response to the demand.
The information that may have been accessed during the breach is deeply troubling. It potentially includes sensitive data such as patients’ names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account details, medical record numbers, treatment information, and health insurance data. The comprehensive nature of this data breach has raised concerns about the long-term implications for patient privacy and security.
In response to the breach, CRMC, which serves an estimated 250,000 patients each year across 14 counties in the Upper Cumberland region, has taken measures to provide support for those affected. The medical center is offering 12 months of free identity theft protection through Experian, a sign of their commitment to helping patients mitigate the potential fallout from this incident.
The Broader Context of Healthcare Cybersecurity
The CRMC breach is notable as the eighth-largest ransomware incident in U.S. healthcare for the year 2025, based on the number of records compromised. Research compiled by Comparitech indicates that there were 134 confirmed attacks on U.S. healthcare providers over the past year, compromising approximately 11.7 million records. Rhysida itself has claimed responsibility for 91 separate attacks across various sectors in 2025, with healthcare remaining a primary target.
Other recent victims of Rhysida in the healthcare sector reflect a troubling trend:
- Florida Lung, Asthma & Sleep Specialists (FL) faced a ransom demand of $639,000 in May 2025.
- MedStar Health (MD) was subjected to a significant demand of $3.09 million in September 2025.
- Spindletop Center (TX) received a $1.65 million ransom demand during the same month.
- In November 2025, both MACT Health Board (CA) and Heart South Cardiovascular Group (AL) were targeted with demands of $662,000 and $630,000, respectively.
Rebecca Moody, head of data research at Comparitech, highlighted the extensive forensic work that must be conducted after a ransomware attack on hospitals. She explained that organizations often require a considerable amount of time to investigate the extent of data impacted by such breaches. Moody also pointed out that some organizations do not promptly use the term "ransomware," or they take months to issue any form of data breach notification. This delay can leave those affected vulnerable to identity theft and phishing scams, exacerbating the risks associated with data breaches.
Ransomware attacks on hospitals frequently lead to substantial operational disruptions, resulting in extended downtime, canceled appointments, and patient diversions, even when clinical systems manage to maintain functionality. Following the breach, CRMC has committed to implementing additional security measures to better protect patient data in the future.
As the healthcare landscape increasingly faces the threat of cyberattacks, the CRMC incident serves as a stark reminder of the vulnerabilities inherent in the system. It underscores the urgent need for healthcare providers to enhance their cybersecurity protocols to safeguard patient information and maintain trust within the communities they serve.
