Cookeville Regional Medical Center Data Breach Exposes Sensitive Patient Information
On March 16, 2026, Cookeville Regional Medical Center in Cookeville, Tennessee, concluded its investigation into a data breach that compromised highly sensitive patient information. The incident, detected on July 14, 2025, revealed that an unauthorized party accessed and potentially exfiltrated files containing personal and medical data between July 11 and July 14 of that year.
The exposed records included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account details, medical treatment information, medical record numbers, and health insurance policy details. The hospital partnered with a forensic security firm to confirm the breach and assess its scope.
Cookeville Regional has since begun notifying affected individuals, though legal professionals are also investigating the possibility of a class action lawsuit on behalf of those impacted. The breach raises concerns about potential financial fraud, identity theft, and long-term privacy risks for patients. No further details on the attackers’ identity or motives have been disclosed.
Source: https://www.classaction.org/data-breach-lawsuits/cookeville-regional-medical-center-september-2025
Cookeville Regional Medical Center cybersecurity rating report: https://www.rankiteo.com/company/crmc
"id": "CRM1776292293",
"linkid": "crmc",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Cookeville, Tennessee',
'name': 'Cookeville Regional Medical Center',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Notifying affected individuals',
'data_breach': {'data_exfiltration': 'Potentially exfiltrated',
'personally_identifiable_information': ['Names',
'Addresses',
'Dates of birth',
'Social Security '
'numbers',
'Driver’s license '
'numbers',
'Financial account '
'details',
'Medical treatment '
'information',
'Medical record '
'numbers',
'Health insurance '
'policy details'],
'sensitivity_of_data': 'Highly sensitive',
'type_of_data_compromised': ['Personal data', 'Medical data']},
'date_detected': '2025-07-14',
'date_publicly_disclosed': '2026-03-16',
'description': 'Cookeville Regional Medical Center in Cookeville, Tennessee, '
'concluded its investigation into a data breach that '
'compromised highly sensitive patient information. The '
'incident revealed that an unauthorized party accessed and '
'potentially exfiltrated files containing personal and medical '
'data between July 11 and July 14, 2025.',
'impact': {'brand_reputation_impact': 'Raises concerns about potential '
'financial fraud, identity theft, and '
'long-term privacy risks for patients',
'data_compromised': 'Personal and medical data, including names, '
'addresses, dates of birth, Social Security '
'numbers, driver’s license numbers, financial '
'account details, medical treatment '
'information, medical record numbers, and '
'health insurance policy details',
'identity_theft_risk': 'High',
'legal_liabilities': 'Investigation into the possibility of a '
'class action lawsuit',
'payment_information_risk': 'High'},
'investigation_status': 'Concluded',
'references': [{'source': 'Incident Report'}],
'regulatory_compliance': {'legal_actions': 'Investigation into the '
'possibility of a class action '
'lawsuit'},
'response': {'communication_strategy': 'Began notifying affected individuals',
'third_party_assistance': 'Partnered with a forensic security '
'firm'},
'title': 'Cookeville Regional Medical Center Data Breach Exposes Sensitive '
'Patient Information',
'type': 'Data Breach'}