If you received a data breach notification letter from Cookeville Regional Medical Center, your sensitive personal and medical information may have been exposed in a ransomware attack. Cory Watson Attorneys is investigating claims on behalf of affected individuals. Contact us today for a free, no-obligation consultation.
Cookeville Regional Medical Center (CRMC), a city-owned regional hospital in Cookeville, Tennessee, has confirmed that a ransomware attack compromised the personal and medical data of 337,917 individuals. The hospital began mailing breach notification letters on April 14, 2026, more than nine months after the cyberattack took place.
The scope of this breach is significant. The stolen data includes Social Security numbers, medical records, financial account details, and other highly sensitive information that puts affected individuals at serious risk for identity theft, medical fraud, and financial harm.
If you or a loved one received a notification letter from CRMC, or if you were a patient at any CRMC-affiliated facility before July 2025, you may have legal options. Here is what we know so far and what you can do to protect yourself.
What Happened at Cookeville Regional Medical Center?
On July 14, 2025, Cookeville Regional Medical Center detected suspicious activity on its computer network. The hospital launched an internal investigation, contacted law enforcement, and hired a forensic cybersecurity firm to determine the scope of the intrusion.
That investigation revealed that an unauthorized third party accessed CRMC's computer network between July 11 and July 14, 2025. During that four-day window, the attackers were able to view and steal files containing patient information. The attack also caused a technical outage that disrupted some of the hospital's computer systems, leading to reported delays in test results, cancelled appointments, and problems scheduling surgeries at outpatient offices.
A cybercriminal organization known as the Rhysida ransomware group claimed responsibility for the attack on August 2, 2025. Rhysida is a Russia-linked ransomware-as-a-service operation that has been active since May 2023 and has targeted healthcare organizations across the United States. The group demanded a ransom of 10 Bitcoin, valued at approximately $1.15 million at the time, and posted sample files on its dark web leak site as proof of the stolen data.
According to multiple cybersecurity news outlets, Rhysida claimed to have stolen approximately 538 gigabytes of data from CRMC. The group subsequently published a large portion of this data on its dark web leak site after reportedly failing to find a buyer for the full dataset. Reports indicate that roughly 70% of the data was leaked publicly, while the remaining 30% may have been sold to an unknown party.
It remains unclear whether CRMC paid the ransom.
What Information Was Exposed?
The types of data compromised vary from person to person, but according to CRMC's breach notification, the stolen files may include:
- Full names
- Home addresses
- Dates of birth
- Social Security numbers
- Driver's license numbers
- Government-issued ID numbers (such as passports and state ID cards)
- Financial account numbers
- Medical treatment information
- Medical record numbers
- Health insurance policy information
This combination of data is considered extremely high-risk by cybersecurity experts. Social Security numbers, for example, cannot be changed and can be used to open fraudulent accounts, file false tax returns, or commit other forms of identity theft for years after a breach. Medical records are particularly valuable on the dark web because they can be used for fraudulent prescriptions, false insurance claims, and other forms of medical identity theft that are difficult to detect and resolve.
The fact that much of this data has already been published on the dark web makes the risk to affected individuals even more urgent.
Who Was Affected by the CRMC Data Breach?
The breach affected 337,917 individuals across the United States. CRMC serves approximately 250,000 patients annually across 14 counties in Tennessee's Upper Cumberland region, and its service area extends into parts of Kentucky. State-level filings confirm that at least 22 Maine residents and 529 Texas residents were among those affected.
You may be affected if you were a patient at CRMC or any of its affiliated facilities at any time before or around July 2025. Those affiliated facilities include:
- Cookeville Regional Medical Group
- Cookeville Regional Home Health
- The Cancer Center at Cookeville Regional
- The Heart Center at Cookeville Regional
- The Surgery Center at Cookeville Regional
- The Women's Center at Cookeville Regional
- The Sleep Center at Cookeville Regional
- The Diabetes Center at Cookeville Regional
- The Imaging Center at Cookeville Regional
- The Inpatient Rehabilitation Center at Cookeville Regional
- The Spine Center of Cookeville Regional
It is also important to note that CRMC stated it is only mailing notification letters to individuals for whom it has a valid mailing address. That means some affected individuals may never receive a letter. If you were a CRMC patient and have moved or changed your address, your data may still have been compromised even if you did not receive a notice.
If you believe you may have been affected, Cory Watson Attorneys can help you determine your options. Reach out for a free case review.
Why the Nine-Month Notification Delay Matters
One of the most concerning aspects of this breach is the timeline between the attack and when affected individuals were notified.
The ransomware attack occurred between July 11 and July 14, 2025. CRMC reported the breach to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights in August 2025, initially using a placeholder figure of 500 affected individuals. However, the full forensic review of the compromised files was not completed until March 16, 2026. Notification letters were not mailed until April 14, 2026.
That means affected individuals went more than nine months without an official notification that their data had been stolen, and during much of that time, the Rhysida ransomware group had already published stolen data on the dark web. Victims had no way to know they needed to take protective action, such as freezing their credit or monitoring their accounts for fraud.
According to Comparitech, a cybersecurity research firm, this breach ranks as the eighth-largest U.S. healthcare ransomware breach of 2025 by number of records compromised. Security researchers have noted that long delays between a breach and victim notification substantially increase the risk of identity theft and targeted phishing campaigns.
What Is CRMC Offering Affected Individuals?
CRMC is offering affected individuals 12 months of complimentary credit monitoring and identity theft protection through Experian IdentityWorks. However, before accepting any offer from CRMC, you should speak with a data breach attorney. Accepting services or benefits offered in a breach notification letter may affect your legal rights and could impact the outcome of any future claim or lawsuit.
Beyond that concern, this offer comes with additional limitations worth understanding.
First, identity theft protection services are reportedly only being offered to individuals whose Social Security numbers or driver's license numbers were specifically identified in the compromised files. As a result, some of the 337,917 affected individuals may not receive this protection.
Second, 12 months of credit monitoring may be insufficient given the nature of the stolen data. Social Security numbers and medical records can be exploited for years, and the effects of identity theft often surface long after a one-year monitoring period expires.
Third, while CRMC has stated that it has implemented additional technical security measures since the attack, the hospital has not publicly disclosed what those measures are. CRMC has also stated it has "no evidence" that any information has been misused, but given that the stolen data was published on the dark web, the risk of future misuse is substantial.
What Should You Do If You Were Affected?
If you received a breach notification letter from Cookeville Regional Medical Center, or if you believe your information may have been compromised, take the following steps as soon as possible:
- Talk to a lawyer before accepting anything from CRMC. CRMC is offering credit monitoring and identity theft protection services to some affected individuals. Before enrolling in any services or accepting anything offered in the notification letter, speak with a data breach attorney first. Accepting these offers may affect your legal rights and could impact the outcome of any future claim. Do not assume that accepting credit monitoring is a harmless step — it is worth confirming with an attorney before you respond.
- Place a fraud alert or credit freeze on your credit reports. Contact all three major credit bureaus (Equifax, Experian, and TransUnion) to place a fraud alert, which is free and lasts one year, or a credit freeze, which is also free and blocks new credit applications until you lift it.
- Review your financial accounts regularly. Check your bank statements and credit card statements for any unauthorized charges or unfamiliar transactions.
- Request your free credit reports. Visit annualcreditreport.com or call 1-877-322-8228 to obtain your reports from all three bureaus and look for accounts or inquiries you do not recognize.
- Monitor your Explanation of Benefits (EOB) statements. Review any statements you receive from your healthcare providers or insurers. If you see medical services you did not receive, it could be a sign of medical identity theft.
- Report any suspicious activity. File a report with the Federal Trade Commission at identitytheft.gov, contact your local police department, and notify your state attorney general's office.
- Consult a data breach attorney. Even if you have not yet experienced fraud, you may have legal rights and options for compensation. The exposure of sensitive personal data alone can be grounds for a claim. Learn more about how our data breach lawyers can help.
Your Legal Rights After the CRMC Data Breach
Healthcare providers have a legal obligation to protect patient data. When a hospital fails to implement adequate cybersecurity safeguards and a breach occurs, affected individuals may be entitled to compensation. An experienced data breach lawyer can help you understand your rights and pursue the compensation you deserve.
Potential legal claims may be based on several grounds, including failure to implement reasonable cybersecurity protections, failure to timely notify affected individuals of the breach, negligence in safeguarding sensitive patient information, and violations of HIPAA and applicable state data breach notification laws.
Individuals affected by this breach may be able to recover compensation for a range of harms, such as out-of-pocket costs related to identity theft protection, time and effort spent monitoring accounts and responding to the breach, documented instances of fraud or identity theft, emotional distress and anxiety caused by the exposure of private medical and financial information, and the loss of privacy itself.
Healthcare data breaches are taken especially seriously under the law because medical information is among the most sensitive categories of personal data. Breaches involving protected health information (PHI) carry significant legal implications for the entities responsible for safeguarding that data.
Cory Watson Attorneys is actively reviewing claims related to the Cookeville Regional Medical Center data breach. If you received a notification letter or believe your information was compromised, contact us today for a free consultation. There is no cost and no obligation to speak with our team about your rights.
About Cookeville Regional Medical Center
Cookeville Regional Medical Center is a city-owned regional hospital located at 1 Medical Center Boulevard, Cookeville, Tennessee 38501. Founded in 1921, the hospital operates approximately 269 beds and employs over 2,400 people across more than 40 medical and surgical specialties.
CRMC is a major healthcare provider in the Upper Cumberland region, serving patients across 14 counties in Tennessee and parts of Kentucky. Between July 2024 and June 2025, the hospital reported approximately 46,995 emergency room visits, 13,182 inpatient admissions, 186,935 outpatient visits, 36,841 urgent care visits, 1,795 newborn deliveries, and 10,642 surgeries.
Frequently Asked Questions
What happened in the Cookeville Regional Medical Center data breach?
A ransomware attack by the Rhysida cybercriminal group compromised CRMC's computer network between July 11 and July 14, 2025. The attackers accessed and stole files containing the personal and medical information of 337,917 individuals. The stolen data was subsequently posted on the dark web.
What information was stolen in the CRMC data breach?
Depending on the individual, stolen data may include names, addresses, dates of birth, Social Security numbers, driver's license numbers, government-issued ID numbers, financial account numbers, medical treatment records, medical record numbers, and health insurance policy details.
How do I know if I was affected by the Cookeville Regional data breach?
If you were a patient at CRMC or any of its affiliated facilities before July 2025, your data may have been compromised. CRMC is mailing notification letters to affected individuals, but only those with a valid address on file will receive one. If you are unsure, contact CRMC directly or speak with a data breach attorney.
What should I do if I received a data breach notification letter from CRMC?
Before taking any action in response to your notification letter, speak with a data breach attorney. Accepting offers such as credit monitoring may affect your legal rights. An attorney can advise you on what steps to take.
How long do I have to take legal action after a data breach?
Statutes of limitations vary by state and by the type of claim. It is important to act promptly. Contact a data breach attorney as soon as possible to ensure your rights are preserved.
Contact Cory Watson Attorneys
If you or someone you know was affected by the Cookeville Regional Medical Center data breach, Cory Watson Attorneys is here to help. Our team is investigating claims on behalf of individuals whose personal and medical information was compromised in this incident.
There is no cost to speak with us, and you are under no obligation to take action after your consultation. We are committed to holding organizations accountable when they fail to protect the sensitive information entrusted to them.