MURFREESBORO – On April 22, 2023, Murfreesboro Medical Clinic & SurgiCenter (“MMC”) was the victim of a sophisticated criminal cyberattack.  In response, they rapidly initiated an emergency shutdown of their network to limit the spread of the attack within the systems and those of their technology partners. Since that time, they have been working with law enforcement agencies and third-party experts to identify the source and scope of the attack in order to restore normal clinic operations. Their first priority was to contain the incident and protect our patients and employees.

​In conjunction with law enforcement, they continue to investigate the incident while also taking action on their infrastructure to, hopefully, prevent any further attacks. With the quick detection by their technology experts, they believe they have been able to limit the impact of this criminal attack.  They are currently in the process of restoring their systems safely with enhanced security features and controls. While that process is being undertaken, MMC has closed all operations. As of Thursday, all scheduled appointments for May 4 have been canceled.

Joey Peay, CEO of MMC, said, “Preserving sensitive patient and employee information is of the utmost importance to MMC, but like so many other organizations around the country and despite its best efforts, MMC has found itself as the target of criminals attempting to steal personal or company data.  I want to thank our patients and employees for their understanding and patience while we work to make sure our computer infrastructure is secure and free of any harmful software.”

They have worked to communicate closures with all patients in a timely manner using all methods of communication at our disposal.  Future updates regarding clinic operations will be posted to their website, social media platforms, and through emails and phone calls directly to patients.  In a recent press release, they apologize for the “vagueness” of their recent communications, as they said they did not want to do anything that would impede law enforcement’s investigative efforts.

While they have not confirmed that any specific patient, employee, or corporate data was accessed or removed from our network, patients and employees of MMC are encouraged to monitor their personal data for any misuse.  Personal data could include names, enrollment information such as group name, identification number, claims or treatment information such as claim numbers, dates of service, procedures, prescription information, dates of birth, email addresses, phone numbers, driver’s license numbers, and, in some cases, social security numbers.  Please note that MMC does not store credit card or bank account information within its network.