Cookeville Regional Medical Center

Cookeville Regional Medical Center, a 269-bed city-owned hospital in Tennessee and a key healthcare provider in the Upper Cumberland region, suffered a ransomware attack by the RHYSIDA group on August 2, 2025. The attackers claimed to have exfiltrated sensitive personally identifiable information (PII) of patients, employees (including ~200 physicians), and other individuals who provided data to the hospital. They threatened to publish the stolen data on the dark web, and the breach was formally reported to the U.S. Department of Health and Human Services (HHS) on September 12, 2025.

The incident exposes affected individuals to risks such as identity theft, financial fraud, and legal liabilities, with potential long-term consequences for the hospital's reputation, operational integrity, and financial stability. The breach disrupts a major healthcare provider serving as an economic cornerstone for the region, with 2,450+ staff impacted. Legal investigations are underway, with affected parties eligible for compensation, credit monitoring, and identity theft protection under federal/state laws. The attack's scale and targeting of healthcare data elevate its severity due to the critical nature of medical information and the hospital's role in public health.

Source: https://www.claimdepot.com/investigations/cookeville-regional-medical-center-data-breach-2025

TPRM report: https://www.rankiteo.com/company/crmc

"id": "crm1202412092025",
"linkid": "crmc",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Patients, employees, and '
                                              'individuals who provided '
                                              'information to the hospital '
                                              '(exact number unspecified)',
                        'industry': 'Healthcare',
                        'location': 'Cookeville, Tennessee, USA',
                        'name': 'Cookeville Regional Medical Center',
                        'size': '2,450 employees (including ~200 physicians), '
                                '269 beds',
                        'type': 'Hospital (city-owned)'}],
 'customer_advisories': 'Affected individuals may be eligible for free credit '
                        'monitoring, identity theft protection, and '
                        'compensation. Deadlines may apply for joining legal '
                        'actions.',
 'data_breach': {'data_exfiltration': 'Yes (threatened publication on dark '
                                      'web)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (sensitive PII)',
                 'type_of_data_compromised': 'personally identifiable '
                                             'information (PII)'},
 'date_publicly_disclosed': '2025-08-02',
 'description': 'The RHYSIDA ransomware group claimed responsibility for an '
                'attack on Cookeville Regional Medical Center, a 269-bed '
                'hospital in Tennessee. The group stated they had obtained '
                'sensitive data and intended to publish it on the dark web. '
                'The breach was classified as ransomware, with details posted '
                'on the Tor network. Affected individuals may include '
                'patients, employees, and others who provided information to '
                'the hospital, with risks of identity theft and financial '
                'fraud.',
 'impact': {'brand_reputation_impact': 'High (potential loss of trust in a '
                                       'major regional healthcare provider)',
            'data_compromised': 'sensitive personally identifiable information '
                                '(PII)',
            'identity_theft_risk': 'High (PII exposed)',
            'legal_liabilities': 'Potential (under investigation for '
                                 'compensation claims and regulatory '
                                 'violations)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Threatened (publication '
                                                    'intended by RHYSIDA '
                                                    'group)',
                           'high_value_targets': 'Patient and employee PII, '
                                                 'hospital operational data'},
 'investigation_status': 'Ongoing (legal investigation by Shamis & Gentile '
                         'P.A.; regulatory review likely)',
 'motivation': 'Financial (ransom demand), data exfiltration for dark web '
               'publication',
 'ransomware': {'data_encryption': 'Likely (ransomware attack)',
                'data_exfiltration': 'Yes (claimed by threat actor)',
                'ransomware_strain': 'RHYSIDA'},
 'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
                {'date_accessed': '2025-09-12',
                 'source': 'U.S. Department of Health and Human Services '
                           'Breach Report'},
                {'date_accessed': '2025-08-02',
                 'source': 'RHYSIDA Ransomware Group (Tor Network Post)'}],
 'regulatory_compliance': {'legal_actions': 'Under investigation (potential '
                                            'class action lawsuit by Shamis & '
                                            'Gentile P.A.)',
                           'regulatory_notifications': 'Reported to U.S. '
                                                       'Department of Health '
                                                       'and Human Services '
                                                       '(2025-09-12)'},
 'response': {'communication_strategy': 'Public disclosure via U.S. Department '
                                        'of Health and Human Services '
                                        '(reported on 2025-09-12); legal '
                                        'investigation by Shamis & Gentile '
                                        'P.A. for affected individuals'},
 'stakeholder_advisories': 'Patients, employees, and individuals who provided '
                           'information to Cookeville Regional Medical Center '
                           'advised to monitor for identity theft and seek '
                           'legal counsel.',
 'threat_actor': 'RHYSIDA ransomware group',
 'title': 'Cookeville Regional Medical Center Data Breach and Ransomware '
          'Attack',
 'type': ['data breach', 'ransomware attack']}