Overview
- Cookeville Regional said it has begun mailing breach notices after confirming a ransomware incident compromised data on 337,917 people.
- Investigators found an intruder accessed the network between July 11 and July 14, 2025, with the hospital detecting the breach on July 14.
- Exposed details can include names, addresses, dates of birth, Social Security and driver’s license numbers, financial accounts, medical record numbers, treatment notes, and insurance data.
- Rhysida, a ransomware group, claimed the attack in August 2025, demanded 10 Bitcoin, and later posted the stolen files online after failing to sell them.
- CRMC is offering 12 months of Experian identity protection only to people whose Social Security or driver’s license numbers were exposed, and it reports no signs of misuse so far.