Ransomware Attack on Tennessee Hospital Exposes Data of 337,000
AI-generated from multiple sources. Verify before acting on this reporting.
COOKEVILLE, Tenn. — A ransomware attack on Cookeville Regional Medical Center has compromised the personal and medical information of more than 337,000 individuals, the hospital announced Thursday. The breach, attributed to the Rhysida ransomware group, marks a significant escalation in cybersecurity threats facing healthcare providers in the region.
The incident was detected on April 16, 2026. Hospital officials stated that the attack resulted in the unauthorized access and exfiltration of sensitive data. The compromised information includes names, addresses, dates of birth, Social Security numbers, and medical records for patients, employees, and third-party vendors.
Rhysida, a cybercriminal group known for targeting healthcare institutions, claimed responsibility for the intrusion. The group demanded a ransom payment in exchange for the return of encrypted data and a promise not to publish the stolen information. When negotiations failed to produce a buyer for the data, the group proceeded to leak the information online.
Cookeville Regional Medical Center has engaged cybersecurity experts to investigate the scope of the breach and secure its networks. The hospital has notified affected individuals and state authorities. Tennessee state officials are monitoring the situation to ensure compliance with data breach notification laws.
The attack has disrupted hospital operations, forcing staff to rely on manual processes for patient care and administrative tasks. Emergency services remain fully operational, but non-urgent appointments have been rescheduled. Hospital administrators have assured the public that patient safety remains the top priority.
Cybersecurity experts warn that healthcare systems are prime targets for ransomware attacks due to the critical nature of their services and the high value of medical data on the black market. The Rhysida group has been linked to similar attacks on other healthcare facilities across the United States in recent months.
The hospital is offering free credit monitoring and identity theft protection services to affected individuals for a period of one year. A dedicated hotline has been established to answer questions from patients and staff regarding the breach.
Federal authorities are investigating the incident. The FBI and the Department of Health and Human Services Office for Civil Rights are working with hospital officials to determine the full extent of the data loss and to identify the perpetrators.
The attack highlights the ongoing vulnerability of healthcare infrastructure to cyber threats. As hospitals continue to digitize records and interconnected systems, the risk of large-scale data breaches remains a critical concern for the industry.
Questions remain regarding the long-term impact on patient trust and the potential for further data leaks. The hospital has not disclosed whether the Rhysida group has retained copies of the stolen data or if the threat of future publication persists.