Cookeville Regional Medical Center in Tennessee yesterday confirmed it notified 337,917 people of a July 2025 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Financial account numbers
- Medical treatment info
- Medical record numbers
- Health insurance policy info
- Driver’s license numbers
- Dates of birth
- Addresses
The hospital on July 15, 2025 said a ransomware attack disrupted CRMC’s computer systems.
A cybercriminal group called Rhysida took credit for the breach on August 2, 2025. On its data leak site, Rhysida demanded 10 bitcoin in ransom for data it claims to have stolen from CRMC, worth about $1.15 million at the time.
CRMC has not acknowledged Rhysida’s claim and Comparitech cannot independently verify it. We do not know if CRMC paid a ransom or how attackers breached its network. Comparitech contacted CRMC for comment and will update this article if it replies.
“On July 14, 2025, we discovered that we were the victim of a ransomware attack,” says CRMC’s notice to breach victims. “The forensic investigation determined that an unauthorized third party accessed our computer network and viewed or acquired certain files between July 11, 2025, and July 14, 2025.”
The hospital is offering breach victims one year of free identity theft protection through Experian.
Who is Rhysida?
Rhysida is a cybercriminal group that first surfaced in May 2023. Its ransomware can steal data and lock down targeted systems. It then demands a ransom both for deleting stolen data and for a key to restore infected devices. Rhysida operates a ransomware-as-a-service business in which affiliates pay Rhysida to use its malware and infrastructure to launch attacks and collect ransoms.
Rhysida claimed responsibility for 91 ransomware attacks in 2025. Of those attacks, 23 were confirmed by the targeted organizations. Rhysida’s average ransom is $1.2 million.
Rhysida took credit for six confirmed ransomware attacks against healthcare providers last year. In addition to CRMC, they include:
- Florida Lung, Asthma, & Sleep Specialists notified 10,000 people of a May 2025 data breach for which Rhysida demanded $639,000
- MedStar Health (MD) reported a September 2025 data breach for which Rhsyida demanded $3.09 million
- Spindletop Center (TX) notified 88,863 people of a data breach for which Rhysida demanded $1.65 million
- MACT Health Board (CA) reported a November 2025 data breach for which Rhysida demanded $662,000
- Heart South Cardiovascular Group (AL) notified 46,666 people of a November 2025 data breach for which Rhysida demanded $630,000
The cybercriminal group remains active in 2026 with six more attack claims to date. One of those has been confirmed so far.
Ransomware attacks on US healthcare
Comparitech researchers logged 134 confirmed ransomware attacks on US hospitals, clinics, and other healthcare providers in 2025. Those attacks compromised 11.7 million records in total.
The CRMC is the eighth-largest such breach by number of records compromised.
Other recently-confirmed US healthcare data breaches include:
- Signature Healthcare (MA) reported a cyber attack claimed by Anubis earlier this month
- Rocky Mountain Associated Physicians (UT) notified 50,640 people of an October 2025 data breach claimed by PEAR
- Southern Illinois Dermatology reported a November 2025 data breach claimed by Insomnia
- Aroostook Mental Health Services (ME) reported a data breach claimed by Qilin last month
Ransomware attacks on US hospitals, clinics, and other care providers can steal data and lock down infected computer systems. They can cripple critical systems and endanger the health, privacy, and security of patients. Infected hospitals and clinics must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk. Hospitals and clinics might resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About Cookeville Regional Medical Center
Cookeville Regional Medical Center is a 289-bed hospital in the Upper Cumberland region of Tennessee. Between July 2024 and June 2025, the hospital fielded 46,995 emergency room visits, 13,182 inpatient admissions, 186,935 outpatients visits, 36,841 urgent care visits, delivered 1,795 newborns, and performed 10,642 surgeries, according to its website. It employs 2,660 people, 285 of which are physicians.
