Cookeville Regional Medical Center Data Breach Exposes PHI and PII: 337,917 Affected

Published: September 19, 2025
Updated: April 24, 2026

Cookeville Regional Medical Center, a 269-bed hospital in Cookeville, Tennessee, disclosed a data breach that affected approximately 337,917 individuals in the United States, including 529 Texas residents, 56 Massachusetts residents, 24 New Hampshire residents and 22 Maine residents.

The breach was disclosed to the U.S. Department of Health and Human Services on Sept. 12, 2025. Additional disclosures were posted to the attorneys general offices of Maine, Massachusetts, New Hampshire, Texas, and to the hospital's website.

Consumer notification letters were dated April 14, 2026.

On July 14, 2025, Cookeville Regional Medical Center discovered that it was the victim of a ransomware attack. A forensic investigation later determined that an unauthorized third party accessed the hospital's computer network and viewed or acquired certain files between July 11, 2025, and July 14, 2025.

On Aug. 2, 2025, a ransomware group known as Rhysida claimed responsibility for the attack on the Tor network. The group stated it had obtained the hospital's data and intended to publish it within six to seven days.

The hospital conducted a comprehensive review of the affected files to determine what personal information may have been viewed or taken. According to the consumer notification, that review was completed on March 16, 2026.

The types of information exposed included names, Social Security numbers, addresses, dates of birth, driver's license numbers, financial account numbers, health insurance policy information, medical record numbers and medical treatment information.

Cookeville Regional Medical Center's response to the breach

Cookeville Regional Medical Center is offering affected individuals a free one-year membership of Experian IdentityWorks Credit 3B. The service includes credit monitoring across all three major credit bureaus (Experian, Equifax and TransUnion), identity restoration support and Experian IdentityWorks ExtendCare, which provides identity restoration assistance even after the membership expires.

The service also includes up to $1 million in identity theft insurance. Enrollment instructions and a unique activation code were included in each notification letter.

The hospital has set up a dedicated phone line for affected individuals, available from 8 a.m. to 8 p.m. Central Time, Monday through Friday. The phone number was provided in the individual notification letters sent to consumers.

Steps to take if your information was exposed

  • Place a credit freeze with all three credit bureaus to prevent anyone from opening new accounts using a stolen Social Security number, driver's license number or other personal details.
  • Request free credit reports at AnnualCreditReport.com and review them carefully for any accounts or inquiries that are not recognized.
  • Monitor financial account statements for unauthorized transactions, since financial account numbers were among the types of information exposed in this breach.
  • Review health insurance Explanation of Benefits statements for any medical services or claims that were not authorized, as health insurance policy information, medical record numbers and medical treatment information were compromised.
  • Be cautious of phishing attempts that reference Cookeville Regional Medical Center or this breach by name, as scammers may try to use the incident to trick people into sharing additional personal information.
  • Consider placing a fraud alert with one of the three major credit bureaus (Equifax, Experian or TransUnion), which will automatically notify the other two.

Types of information affected
  • Names
  • Social Security numbers
  • Dates of birth
  • Addresses
  • Government IDs
  • Medical information
  • Financial info
  • Affected information types not yet disclosed

Consumer notification date: April 14, 2026
Date of breach: July 11, 2023
Breach discovered date: July 14, 2023
Total people affected: 337,917
Information Types Exposed
  • Medical Records
  • Name of individual
  • Address
  • Social Security Number Information
  • Driver’s License number
  • Government-issued ID number (e.g. passport)
  • Health insurance policy information
  • Date of birth
  • Financial account number