CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Rhysida ransomware leak impacts 337,000 patients at Tennessee hospital after failed extortion

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

Cookeville Regional Medical Center (CRMC) in Tennessee confirmed that more than 337,917 patients were notified in April 2026 of a July 2025 ransomware attack conducted by the Rhysida group, a Russia-linked ransomware-as-a-service operation active since May 2023. The intrusion, detected internally in mid-July 2025, resulted in the theft of sensitive data including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account details, medical records, and health insurance information. Rhysida claimed responsibility on August 2, 2025, demanding 10 Bitcoin (~$1.15 million at the time) before publishing the dataset publicly after failing to secure a buyer. CRMC has begun mailing breach notifications and is offering 12 months of free identity theft protection through Experian. The incident ranks as the eighth-largest US healthcare ransomware breach of 2025 by records compromised, amid a broader wave of Rhysida attacks targeting healthcare providers nationwide.

Timeline

  1. 16.04.2026 15:40 2 articles · 4h ago

    Rhysida ransomware group publishes CRMC patient data after failed extortion attempt

    On August 2, 2025, the Rhysida ransomware group claimed responsibility for the CRMC intrusion, demanding 10 Bitcoin (~$1.15 million at the time) and posting sample files on its dark web leak site. The gang later made the exfiltrated dataset—containing 500 GB across 370,000 files, including PII, PHI, and financial information affecting 337,917 individuals—publicly available after failing to secure a buyer. CRMC began mailing breach notifications on April 14, 2026, and is offering 12 months of free identity theft protection through Experian. The incident ranks as the eighth-largest US healthcare ransomware breach of 2025 by records compromised.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Central Maine Healthcare Breach Exposes Data of 145,000 Individuals

A data breach at Central Maine Healthcare (CMH) exposed sensitive information of over 145,000 individuals. The hackers remained on the organization's systems for more than two months, from March 19 to June 1, 2025. The breach affected patients and current and former employees, potentially exposing full names, dates of birth, treatment information, health insurance details, and Social Security Numbers (SSNs). The incident increases the risk of phishing, impersonation, and fraud for affected individuals. CMH has set up a dedicated support line and is offering free credit monitoring services to mitigate potential financial fraud.

Open in new tab

SimonMed Imaging Data Breach Affects 1.2 Million Patients

SimonMed Imaging, a U.S. medical imaging provider, experienced a data breach in January 2025. The breach exposed sensitive information of over 1.2 million individuals. The unauthorized access occurred between January 21 and February 5, 2025. The company detected the breach on January 27 and took immediate steps to contain the situation. The Medusa ransomware group claimed responsibility for the attack and leaked some data as proof. The breach impacted patients across 11 U.S. states, where SimonMed operates approximately 170 medical centers. The company has not confirmed the exact nature of the stolen data but acknowledged the potential for highly sensitive information to have been compromised. SimonMed has offered affected individuals free identity theft protection services.

Open in new tab

Wayne Memorial Hospital Ransomware Attack Affects 160,000 Individuals

Wayne Memorial Hospital (WMH) in Georgia has disclosed a ransomware attack that compromised the personal and medical information of over 160,000 individuals. The breach occurred between May 30 and June 3, 2024, and involved the encryption of hospital systems and the theft of sensitive data. The hospital identified the incident on June 3, 2024, and has since taken steps to secure its network and notify affected individuals. The compromised data includes names, dates of birth, Social Security numbers, medical history, and prescription details. The hospital has engaged legal counsel and cybersecurity professionals to investigate the attack and has provided affected individuals with 12 months of free credit monitoring and identity theft protection services.

Open in new tab

DaVita ransomware attack exposes data of nearly 2.7 million individuals

DaVita, a kidney dialysis firm, confirmed that a ransomware attack compromised the personal and health information of nearly 2.7 million people. The breach occurred between March 24 and April 12, 2025, affecting data from DaVita's dialysis labs database. The Interlock ransomware gang claimed responsibility and leaked approximately 1.5 terabytes of data. The stolen data included names, addresses, dates of birth, social security numbers, health insurance details, treatment information, and dialysis lab test results. In some cases, tax identification numbers and images of personal checks were also compromised. The impact includes potential identity theft and financial fraud for affected individuals.

Open in new tab