Cookeville Regional Medical Center in Cookeville, Tennessee, has recently confirmed that a 2025 ransomware attack exposed the personal and protected health information of 337,917 individuals. Cookeville Regional Medical Center identified the ransomware attack on July 14, 2025, and immediately took action to prevent further unauthorized access to its network. The forensic investigation determined that the ransomware group had access to its computer network between July 11, 2025, and July 14, 2025.

The attack was announced by Cookeville Regional Medical Center promptly, and within a couple of months, when it was confirmed that personal and protected health information had been exposed, a further announcement was made, warning patients about potential data theft. The data breach was reported to the HHS’ Office for Civil Rights in August 2025, using a placeholder figure of 500 individuals; however, it has taken several months to review all of the exposed data.

On March 16, 2026, the file review was completed, and Cookeville Regional Medical Center obtained the full list of affected individuals. Up-to-date contact information was obtained, and notification letters are now being sent. The types of importation exposed in the incident vary from individual to individual, and may include names in combination with some or all of the following: address, date of birth, Social Security number, driver’s license number, financial account number, medical treatment information, medical record number, and/or health insurance policy information.

The affected individuals have been advised to remain vigilant against misuse of their information and should check their accounts and explanation of benefits statements carefully. While no evidence has been found to indicate misuse of the compromised data, Cookeville Regional Medical Center has offered the affected individuals complimentary credit monitoring and identity theft protection services for 12 months, and additional technical security measures have been implemented to prevent similar incidents in the future.

The Rhysida ransomware group claimed responsibility for the attack and added Cookeville Regional Medical Center to its dark web data leak site. Rhysida claims to have exfiltrated 538 gigabytes of data in the attack and has published the data that it has been unable to sell. The data leak site indicates 70% of the data has been leaked, which suggests that the group found a buyer for 30% of the data.

The post Ransomware Attack on Cookeville Regional Medical Center Affected 338K Individuals appeared first on The HIPAA Journal.