A ransomware attack last week against Cookeville Regional Medical Center remains under investigation.
CRMC officials have continued to keep the internet off while the investigation is ongoing, and that is affecting some operations at the hospital while they continue to care for patients.
“As soon as we realized something was going on, we shut down internet access to remove their ability to do anything,” CRMC Chief Information Officer Tim McDermott said Tuesday. “We pulled the plug.”
CRMC confirmed July 15 that the medical center was the victim of a ransomware attack after reporting a “network security incident” the day before.
“CRMC Information System (IS) recently began experiencing some unusual activity which created a technical outage on Sunday, July 13, 2025, that disrupted some of CRMC’s computer systems,” CRMC said in a press release July 15. “While the investigation is ongoing and will take some time, this appears to be a ransomware attack. Cookeville Regional notified federal law enforcement and engaged external security experts to assist us with the investigation and recovery.”
While the attack has caused CRMC officials to temporarily shut down the internet, CRMC CEO Buffy Key said the hospital is still caring for patients.
CRMC staff were caring for 248 patients Tuesday, according to Key.
The internet outage has affected to ability of employees to send email and of medical providers to e-prescribe prescriptions. Billing has also been interrupted by the ransomware attack, but surgeries are continuing to happen as scheduled.
“Having started in healthcare when we did everything on pen and paper, it’s amazing how many things we take for granted,” Key said.
“Local businesses have offered to print things for us,” she said. “Luckily, we’ve not had to use a lot of people. Everybody has just been overwhelmingly positive and helpful, which makes you proud of your community.
“We meet all day, every day on this, talking to the cyber experts that are helping us and doing their investigation,” Key said. “Our main focus is patients and all our people making sure they can still take care of patients. Obviously, there’s a little slowness here and there, but our IT department has been phenomenal. They’ve been here 24 hours a day since this first started and probably will be for days to come.”
CRMC officials said they weren’t able to release additional information about the ransomware attack after Tuesday’s planning committee meeting at the hospital.
“I know people have a lot of questions,” Key said. “I guarantee we have more.”
Hospitals have become a number one target of ransomware attacks, according to McDermott, who noted that CRMC uses two companies to monitor potential issues.
“We do have two that we primarily use that monitor all our environment and also do a managed service remotely where they’re monitoring activity that sensors are picking up inside the building,” he said.
