The Cookeville Regional Medical Center (CRMC) in Tennessee was targeted in a ransomware attack last year, and the cybersecurity incident resulted in a significant data breach.
The medical center, which offers a wide range of healthcare services at its 289-bed hospital and outpatient locations, said in a data breach notice on its website that a network intrusion was discovered on July 14, 2025, and an investigation revealed that certain files had been stolen in the prior days.
The probe showed that the compromised information could include name, date of birth, address, SSN, driver’s license number, financial account number, medical treatment information, and health insurance policy information.
CRMC told the Maine Attorney General’s Office this week that the incident affects more than 337,000 individuals.
The healthcare organization was listed on the Rhysida ransomware group’s leak website in August 2025. The hackers were hoping to sell the data for 10 bitcoin, then worth roughly $1 million.
However, they claim they did not find a buyer, and they apparently made the stolen data freely available for download. The ransomware group claims to have stolen more than 370,000 files totaling 500 GB.
The Cookeville hospital said “it has no evidence that any information may have been misused as a result of this incident”.
However, the risk of abuse is significant when data is stolen by a ransomware group and leaked online. Identity theft protection services are only being offered to individuals whose SSNs or driver’s license numbers were compromised.
Related: Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption
Related: 250,000 Affected by Data Breach at Nacogdoches Memorial Hospital
Related: Healthcare IT Platform CareCloud Probing Potential Data Breach
