Cookeville Regional Medical Center in Cookeville, Tennessee, has confirmed that a ransomware attack in 2025 exposed the personal and protected health information of 337,917 individuals, marking one of the more significant healthcare data breaches reported in recent months. The incident underscores the growing cybersecurity challenges facing healthcare providers as threat actors increasingly target sensitive patient data.
The medical center detected the ransomware attack on July 14, 2025, and immediately initiated response protocols to contain the breach and prevent further unauthorized access. A subsequent forensic investigation revealed that the attackers had access to the organization’s network between July 11 and July 14, 2025, providing a window during which sensitive data may have been compromised.
Cookeville Regional Medical Center initially disclosed the attack shortly after detection and later issued a follow-up notification once it was confirmed that personal and protected health information had been exposed. The breach was reported to the U.S. Department of Health and Human Services’ Office for Civil Rights in August 2025 with a preliminary estimate of 500 affected individuals, as the full scope of the incident was still under investigation.
After several months of detailed file analysis, the organization completed its review on March 16, 2026, identifying a total of 337,917 affected individuals. Notification letters are now being distributed to those impacted, supported by updated contact information to ensure timely communication.
The types of compromised information vary by individual but may include names in combination with sensitive data such as addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account details, medical treatment information, medical record numbers, and health insurance policy information. The breadth of exposed data highlights the severity of the breach and the potential risks associated with identity theft and fraud.
Although there is currently no evidence indicating misuse of the stolen information, Cookeville Regional Medical Center has advised affected individuals to remain vigilant. Patients are encouraged to monitor their financial accounts, review explanation of benefits statements, and report any suspicious activity promptly.
To support impacted individuals, the medical center is offering 12 months of complimentary credit monitoring and identity theft protection services. In parallel, the organization has implemented additional technical safeguards and security enhancements aimed at strengthening its defenses against future cyber incidents.
The Rhysida ransomware group has claimed responsibility for the attack, listing Cookeville Regional Medical Center on its dark web leak site. According to the group, approximately 538 gigabytes of data were exfiltrated during the breach. The group further indicated that around 70% of the stolen data has been publicly released, while suggesting that a portion of the data may have been sold.
This incident highlights the increasing sophistication and impact of ransomware attacks within the healthcare sector, where large volumes of highly sensitive data make organizations prime targets. As cyber threats continue to evolve, healthcare providers are under mounting pressure to enhance cybersecurity strategies, improve incident response capabilities, and safeguard patient information against emerging risks.
Recommended Cyber Technology News :
- Spring Lake Park Schools Closed After Cyber Ransomware Attack
- Vivaticket Ransomware Attack Disrupts Louvre, European Sites
- Ransomware Attack Disrupts Major Spanish Fishing Port
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
