Comparitech is reporting that Cookeville Regional Medical Center in TN yesterday confirmed it notified over 337K people of a July 2025 data breach that compromised names, SSNs, financial account numbers, medical treatment info, health insurance info, and much more.
Commenting on this is Rebecca Moody, Head of Data Research at Comparitech:
“This data breach becomes the eighth-largest on a US healthcare provider from 2025 (following a ransomware attack), and highlights how we often don’t realize just how extensive these attacks are until months (or sometimes years) after the event. It can take a considerable amount of time for organizations to investigate what data has been impacted in these breaches, which is why CRMC needs to be applauded for how it approached this attack.
From the outset, CRMC has been honest about the nature of the incident and was open about the fact it had fallen victim to a ransomware attack at the time. It also confirmed that data had been breached within a couple of months of the attack taking place, while its investigations into exactly who had been involved were ongoing.
While some organizations avoid using the word “ransomware” and don’t issue any form of data breach notification for months, this lack of clarity and confirmation can leave those affected open to identity theft and phishing campaigns. Hopefully, many of the people impacted in this breach were aware of the attack in its early stages, so the letters being issued now are more of a formality than a shock.”
Stop me if you’re heard this before. Health care is a sector that is a prime target for threat actors. This needs to stop via providing this sector with what they need to stop getting pwned like this.
Like this:
Like Loading...
Related
This entry was posted on April 15, 2026 at 12:44 pm and is filed under Commentary with tags Comparitech. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Cookeville Regional Medical Center warns 338,000 people of data breach
Comparitech is reporting that Cookeville Regional Medical Center in TN yesterday confirmed it notified over 337K people of a July 2025 data breach that compromised names, SSNs, financial account numbers, medical treatment info, health insurance info, and much more.
Commenting on this is Rebecca Moody, Head of Data Research at Comparitech:
“This data breach becomes the eighth-largest on a US healthcare provider from 2025 (following a ransomware attack), and highlights how we often don’t realize just how extensive these attacks are until months (or sometimes years) after the event. It can take a considerable amount of time for organizations to investigate what data has been impacted in these breaches, which is why CRMC needs to be applauded for how it approached this attack.
From the outset, CRMC has been honest about the nature of the incident and was open about the fact it had fallen victim to a ransomware attack at the time. It also confirmed that data had been breached within a couple of months of the attack taking place, while its investigations into exactly who had been involved were ongoing.
While some organizations avoid using the word “ransomware” and don’t issue any form of data breach notification for months, this lack of clarity and confirmation can leave those affected open to identity theft and phishing campaigns. Hopefully, many of the people impacted in this breach were aware of the attack in its early stages, so the letters being issued now are more of a formality than a shock.”
Stop me if you’re heard this before. Health care is a sector that is a prime target for threat actors. This needs to stop via providing this sector with what they need to stop getting pwned like this.
Share this:
Like this:
Related
This entry was posted on April 15, 2026 at 12:44 pm and is filed under Commentary with tags Comparitech. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.