Medical Center in the US Has Been Taken Hostage by Hackers

05.08.2025 2 minutes Author: Newsman

In the midst of summer, the Cookeville Regional Medical Center in Tennessee found itself at the epicenter of one of the most high-profile attacks of 2025. On July 13, cybercriminals from the Rhysida group penetrated the hospital’s network, stealing dozens of confidential documents. Two weeks later, on August 2, CRMC appeared in a darknet auction, where Rhysida put the stolen data up for sale with a starting price of 10 BTC (over $1.1 million).

Scanned copies of the following have already appeared in public access:

  • driver’s licenses
  • patient medical histories
  • financial and tax documents
  • archives dating back to 2018

Despite this, the clinic’s management stated that vital care has not stopped, although patients complain on social media about denied examinations, canceled operations, and delayed results. One Facebook comment reads like a verdict: *“40 people waited for over 8 hours and no one explained anything. This is not a glitch, this is chaos.”*

Rhysida is a Russian-affiliated group with a dark reputation. Since appearing in 2023, it has almost doubled its number of attacks in a year and now has over 200 victims. The hackers do not choose their targets out of respect; they attack the weakest: hospitals, schools, municipalities, even governments.

Known Rhysida techniques:

  1. phishing attacks for initial penetration

  2. use of Cobalt Strike to analyze internal vulnerabilities

  3. blackmail through emotional pressure: “either you pay or the patients suffer”

Among the victims are the governments of Peru and Canada, The Washington Times, the British Library, several American clinics, and even Seattle-Tacoma Airport, for which the hackers demanded 100 BTC.

CRMC is not a provincial hospital, but a medical center that serves 250,000 patients in 14 counties in Tennessee and Kentucky. It has more than 2,500 employees, 175 doctors, and more than 40 specialized areas of medicine.

A breach of such a system is not just a theft of data, but a blow to the life support of people who need help right now. But Rhysida does not seem to be stopped by this.

What next?

The hospital management assures that the IT department is working 24/7 and that external experts and federal services have also been brought in. However, specific deadlines for restoring networks and services have not yet been published. Patients have been promised notification if the investigation proves that personal data has been leaked.

The greater the vulnerability, the higher the chance of a ransom. Rhysida continues to use pressure, fear, and silence, which means that the hospital’s daily silence only strengthens the attackers’ position.
