Columbia Surgical Partners, a surgical clinic in Columbia, Tennessee, said this week it could not access electronic medical records after a reported ransomware attack hit its parent company.
Electronic medical records are central to scheduling, surgical preparation and continuity of care, making access problems potentially disruptive for patients and staff.
Columbia Surgical Partners is a general, robotic and breast surgery practice with offices in Columbia, Pulaski and Lawrenceburg. Columbia is the Maury County seat, about 45 miles south of Nashville.
WSMV reported that Columbia Surgical Partners alerted patients Wednesday that its parent company had been hit by what the clinic called a “ransomware attack” and that the clinic was “unable to access our electronic medical records.”
The clinic did not give a timetable for restoration. WSMV reported the surgery facility said the issue was being addressed and told patients, “We appreciate your patience.” A Google search preview for the clinic’s Facebook profile also showed clinic messaging saying staff were “not sure how long” they would be unable to see patient records, though the underlying Facebook post was no longer publicly visible when checked.
Public incident messaging can change during recovery. Federal guidance advises organizations to consult legal counsel after a breach, and lawyers commonly help guide post-incident communications, compliance obligations and litigation exposure once systems are restored. The reason the Columbia Surgical Partners post was no longer visible was not clear.
WSMV reported that Columbia Surgical Partners said its parent company had been hit by a ransomware attack. The clinic is run by Advanced Diagnostic Imaging, or ADI, out of Nashville, according to WSMV. Columbia Surgical Partners reported the patient-facing impact: it could not access electronic medical records. It was not clear whether other ADI sites or systems were affected.
Columbia Surgical Partners and ADI did not immediately respond to requests for comment.
The confirmed operational impact is EHR downtime at Columbia Surgical Partners. The clinic’s website lists phone numbers and addresses for its Columbia, Pulaski and Lawrenceburg offices but did not show a public restoration update.
The clinic’s website says its surgeons provide general and breast surgery services and lists patient forms, medical records release forms and surgery instructions.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
The ransomware description is based on WSMV’s report of the clinic’s patient alert. The Google-indexed Facebook preview supports that the clinic publicly referenced a patient-records access problem, but the original Facebook post could not be retrieved to verify the full wording.
No public ransomware group claim, ransom demand, law enforcement statement or breach notice confirming data theft tied to Columbia Surgical Partners or ADI was found.
The incident adds to a series of disruptive cyber incidents affecting health care providers across the Southeast. A February ransomware attack at the University of Mississippi Medical Center took Epic offline, closed clinics statewide and canceled outpatient appointments; Memorial Hospital and Manor in Bainbridge, Georgia, lost access to its electronic health record system after a 2024 ransomware attack; and Pinehurst Radiology Associates in North Carolina closed “for the foreseeable future” after suspicious network activity in 2025 later tied to a data breach.
Columbia Surgical Partners had not announced a restoration timeline as of DysruptionHub’s review. It remained unclear which ADI systems were affected, whether appointments or surgeries were delayed, whether data was taken, and whether law enforcement was notified. No threat actor or ransom demand has been publicly identified.
