Last updated 1 month ago
Cookeville Regional Medical Center (CRMC), a Tennessee-based healthcare provider, disclosed a ransomware attack that occurred in July 2025, affecting over 337,000 patients. The breach was discovered internally in July 2025, and notification letters were sent to affected individuals. The incident exposed a wide range of sensitive patient data.
The attack was carried out by the Rhysida ransomware group, which gained unauthorized access to CRMC's systems and encrypted files. The attackers exfiltrated patient data including names, dates of birth, Social Security numbers, medical record numbers, health insurance information, and treatment details. The specific initial access vector has not been disclosed, but Rhysida is known to use phishing and vulnerability exploitation.
CRMC has begun notifying affected patients and is working with law enforcement and cybersecurity experts. No ransom payment has been confirmed. The breach is under investigation by federal authorities, and CRMC is offering credit monitoring services to impacted individuals.
Rhysida ransomware attack
CRMC's failure to prevent Rhysida ransomware from encrypting systems and exfiltrating over 337,000 patient records indicates gaps in network segmentation and endpoint detection. The exposure of Social Security numbers and medical data suggests insufficient data-at-rest encryption and access controls. Healthcare organizations must prioritize robust backup strategies, multi-factor authentication, and continuous monitoring to defend against ransomware groups like Rhysida.
Sign in to join the discussion.
Company
Industry
Location
Discovered
Records Affected
Attack Vector
Threat Actor
Continent
Country
Industry
Attack Vector
Threat Actor