Cookeville Medical Center Data Breach Affects Over 337,000 Patients

Severity: High (Score: 68.0)

Sources: Cybernews, Securityaffairs.Co, crmchealth.org, Infosecurity-Magazine

Summary

Cookeville Regional Medical Center (CRMC) in Tennessee reported a ransomware attack that compromised the personal and medical data of 337,917 patients. The attack occurred between July 11 and July 14, 2025, and was attributed to the Rhysida ransomware group, which demanded a ransom of 10 Bitcoin, valued at approximately $1.15 million at the time. The hospital began notifying affected individuals on April 14, 2026, nearly nine months after the breach was detected. Data accessed may include sensitive information such as Social Security numbers, medical records, and financial details. CRMC is offering 12 months of free identity theft protection to affected patients. This incident is noted as the eighth-largest healthcare ransomware breach in the U.S. for 2025. The hospital has implemented additional security measures since the attack. The lengthy notification period reflects the extensive forensic investigation required to assess the breach's impact. Key Points: • Over 337,000 patients affected by the CRMC ransomware attack. • Rhysida group claimed responsibility, demanding 10 Bitcoin as ransom. • CRMC is offering 12 months of identity theft protection to affected individuals.

Key Entities

• Data Breach (attack_type)
• Ransomware (attack_type)
• Cookeville Regional Medical Center (company)
• Maine Attorney General's Office (company)
• Russia (country)
• CWE-200 - Exposure of Sensitive Information (cwe)
• Healthcare (industry)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1567 - Exfiltration Over Web Service (mitre_attack)
• Rhysida (ransomware_group)