Cyber Incident Victim: Cookeville Regional Medical Center
Date: Jul 2025
Location: United States of America
Summary
Cookeville Regional Medical Center experienced a ransomware attack that led to a data breach affecting over 337,000 individuals. The compromised data included names, dates of birth, addresses, Social Security numbers, driver’s license numbers, financial account details, medical treatment information, and health insurance policy information. The Rhysida ransomware group posted the hospital on its leak site, attempted to sell the stolen data for 10 bitcoin, found no buyer, and later made the data freely available online. The hospital stated there is no evidence of misuse, but it is offering identity theft protection services to those whose Social Security or driver’s license numbers were exposed.
Description
On July 14, 2025, Cookeville Regional Medical Center discovered a network intrusion on its systems and launched an investigation that determined certain files had been stolen in the days prior. The medical center, which operates a 289‑bed hospital and outpatient locations in Tennessee, posted a data breach notice on its website describing the incident. The investigation revealed that the compromised information could include names, dates of birth, addresses, Social Security numbers, driver’s license numbers, financial account numbers, medical treatment details, and health insurance policy data. Cookeville Regional Medical Center informed the Maine Attorney General’s Office that the breach affects more than 337,000 individuals.

In August 2025, the Rhysida ransomware group listed Cookeville Regional Medical Center on its leak website, claiming to have exfiltrated more than 370,000 files totaling approximately 500 gigabytes. The group stated that it had attempted to sell the stolen data for 10 bitcoin, which was valued at roughly one million dollars at the time, but reported that no buyer was found. Consequently, the attackers made the data freely available for download from the leak site. The ransomware group’s claims about the volume and size of the stolen data have not been independently verified by the medical center.

Cookeville Regional Medical Center has stated that it has no evidence that any of the compromised information has been misused as a result of the breach. The organization acknowledged that, when data is taken by a ransomware group and released online, the risk of abuse remains significant. In response, Cookeville Regional Medical Center is providing identity theft protection services exclusively to individuals whose Social Security numbers or driver’s license numbers were included in the stolen data. The medical center continues to monitor the situation and has not announced any additional remedial measures beyond those protections.
