Ransomware attack on Cookeville Regional Medical Center exposes data of 337,000 individuals

A ransomware attack on Cookeville Regional Medical Center, a 289-bed healthcare provider in Tennessee, has compromised the personal and medical information of approximately 337,000 individuals after hackers exfiltrated roughly 500GB of data from its systems.

The hospital detected suspicious activity on July 14, 2025, and launched an investigation in coordination with law enforcement and a forensic cybersecurity firm. The investigation determined that an unauthorized third party accessed the hospital’s network between July 11 and July 14, during which time sensitive files were viewed or stolen.

The breach has been attributed to the Rhysida ransomware group, which later listed the healthcare organization on its data leak site in August 2025. The group claimed to have taken more than 370,000 files and initially attempted to sell the data for 10 bitcoin, valued at around $1 million at the time. After failing to secure a buyer, the group made the stolen data publicly available for download.

Cookeville Regional Medical Center confirmed that the compromised data varies by individual but may include names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account details, and medical and health insurance information. The hospital has begun notifying affected individuals by mail where valid contact information is available.

The organization stated that it has no evidence that the exposed information has been misused. However, it acknowledged the potential risks associated with the unauthorized access and disclosure of such data.

In response, the hospital is offering complimentary identity theft protection services to individuals whose Social Security or driver’s license numbers were involved. It has also advised affected individuals to closely monitor financial accounts and credit reports, report any suspicious activity, and take precautionary steps to guard against identity theft and fraud.