Industry - Data Breach
Executive Summary
Cookeville Regional Medical Center in Tennessee disclosed a ransomware attack that compromised personal and medical data of over 337,000 individuals, including Social Security numbers, financial information, and health records. The Rhysida ransomware group stole approximately 370,000 files and, after failing to sell the data for roughly $1 million, made it freely available online, significantly increasing the risk of identity theft and fraud. The hospital is offering identity theft protection...
What Happened
On July 14, 2025, Cookeville Regional Medical Center in Tennessee discovered a ransomware attack by the Rhysida group that had compromised its network in preceding days. The attackers stole over 370,000 files containing personal and medical information of more than 337,000 individuals, including names, Social Security numbers, driver's license numbers, financial account details, medical treatment records, and health insurance information. After failing to sell the stolen 500 GB dataset for approximately $1 million in bitcoin, the Rhysida group made all the data freely available for download online in August 2025.
Who Is Affected
More than 337,000 patients and individuals associated with Cookeville Regional Medical Center are affected by this breach. The compromised data includes highly sensitive information such as Social Security numbers, driver's license numbers, financial account numbers, medical treatment details, and health insurance policy information. Those whose Social Security numbers or driver's license numbers were stolen face elevated risk of identity theft and financial fraud now that the data is publicly accessible online.
Why It Matters
This incident demonstrates the escalating threat to healthcare organizations, which hold some of the most sensitive personal data while often lacking robust cybersecurity defenses. The public release of the stolen data significantly amplifies the risk beyond typical ransomware scenarios where data might remain controlled by the attackers. With complete medical histories, financial details, and identity documents now freely available, affected individuals face long-term exposure to identity theft, medical fraud, and financial crimes that could persist for years.
What You Should Do
If you are a patient or associate of Cookeville Regional Medical Center, immediately enroll in the identity theft protection services being offered by the hospital if your Social Security number or driver's license was compromised. Place fraud alerts with the three major credit bureaus (Equifax, Experian, and TransUnion) and consider freezing your credit to prevent unauthorized account openings. Monitor all financial accounts, medical billing statements, and explanation of benefits documents for suspicious activity, and review your credit reports regularly for unauthorized accounts or inquiries.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.