Cookeville Regional Medical Center (CRMC), which serves areas in Tennessee and Kentucky, is still trying to recover from a ransomware attack that occurred on July 13, 2025. The attack was recently claimed by the Rhysida ransomware group.
CRMC notified patients about the issue on its website, explaining that it first detected “unusual activity” on July 13 that caused a major system outage. The hospital described the event as a “network security incident” that disrupted parts of its IT infrastructure.
Rhysida added CRMC to its dark web leak site on August 2, suggesting that negotiations between the hospital and the hackers have fallen apart. On their “Auction” page, the group has given CRMC a little over four days to pay an unspecified ransom before the stolen data is put up for sale for 10 Bitcoin—currently valued at around $1.15 million.
CRMC provides medical care to approximately 250,000 people annually across 14 counties in Tennessee’s Upper Cumberland region and parts of Kentucky. The hospital employs more than 2,500 staff, includes 175 doctors, and offers over 40 medical and surgical specialties, according to its website.
Since acknowledging the cyberattack, hospital officials report that their Information Systems Security Team has been working non-stop to bring affected systems back online. “The IS team has been working around the clock, and we’re grateful for everyone’s patience,” said Tim McDermott, CRMC’s Chief Information Officer. He also confirmed that the hospital is collaborating with external cybersecurity experts and that federal authorities have been notified. The investigation remains ongoing.
Rhysida also published a preview of roughly fifteen documents allegedly stolen in the breach. These include images of driver’s licenses, numerous patient medical records, employee tax forms, and financial documents—some dating back to 2018.
CRMC stated that it will provide updates when necessary and will inform patients if any unauthorized access to their personal information is confirmed.
“Protecting our patients’ privacy and data is a top priority,” the hospital emphasized.