Cookeville Regional Medical Center
Data Breach Class Action Lawsuit

Posted: April 15, 2026 -- Cookeville Regional Medical Center data breach class action lawsuit investigation.

Abington Cole + Ellery is investigating the data breach recently announced by Cookeville Regional Medical Center and may be filing a class action lawsuit on behalf of victims.

Cookeville Regional Medical Center Data Breach Summary:

In mid-April of 2026, Cookeville Regional Medical Center began sending notifications to people affected by a data security incident involving unauthorized access to sensitive data, which took place on or around between July 11, 2025, and July 14, 2025. Approximately 337,000 individuals were affected by the Cookeville Regional Medical Center data breach, and breached data may include, but is not necessarily limited to: name, address, date of birth, Social Security number, driver’s license number, financial account number, medical treatment information, medical record number, and/or health insurance policy information. As a result of the data breach, Cookeville Regional Medical Center is offering 12 months of free credit monitoring and/or identity theft protection services to some affected individuals.

FREE CONSULTATION: If you are a victim of the Cookeville Regional Medical Center data breach, and interested in potentially volunteering to serve as a class representative in a class action lawsuit against Cookeville Regional Medical Center, please submit your information here to be considered:

An attorney-client relationship is not formed by submitting information through this website.

Cookeville Regional Medical Center Data Breach Details:

Cookeville Regional Medical Center said it found suspicious activity in its computer network on July 14, 2025. After that discovery, the hospital began an internal investigation, moved to secure its systems, notified law enforcement, and hired a forensic security firm to help determine what had happened and how far the incident reached. The notice frames the event as a network intrusion and it suggests the hospital treated the matter as a serious cybersecurity event from the start.

According to the hospital’s investigation, an unauthorized third party accessed the network and viewed or acquired certain files between July 11 and July 14, 2025. After the forensic review, the medical center examined the affected files to see whether they contained personal information tied to specific people. It concluded that some individuals’ information was present in the exposed files.

Cookeville Regional says it is mailing notice letters to affected people when it has a valid address for them, and it says those letters explain steps they can take to protect themselves. The hospital also states that it is offering complimentary identity theft protection services to people whose Social Security numbers or driver’s license numbers were involved. The notice adds that the hospital has taken further steps to reduce the chance of a similar event in the future, including strengthening its technical security measures.

About Cookeville Regional Medical Center:

Cookeville Regional Medical Center is a regional hospital serving Tennessee’s Upper Cumberland area, with a broad range of services that include emergency care, heart and vascular treatment, cancer care, orthopedics, neurology, surgery, rehabilitation, imaging, and women’s health. Its website presents the medical center as a community-rooted institution with a long history of local care, while also emphasizing residency programs, outpatient services, and patient resources such as medical records, billing, and registration. In plain terms, it appears to function as a full-service medical center for Cookeville and the surrounding region, combining everyday hospital care with more specialized treatment lines under one system.

Additional Information:

CRMC Notice of a Data Incident

For more information about steps you can take to possibly reduce the chances harm arising from a data breach, please review the following article: What are some steps you can take if you've been the victim of a data breach?

If you believe you are a victim of the Cookeville Regional Medical Center data breach, and if you would like to volunteer to serve as a class representative in a class action lawsuit regarding this data breach, please submit your information via the form on this webpage. This website is not associated with nor authorized by Cookeville Regional Medical Center or any affiliated companies. If you have received any other data breach notifications, you may to review Abington Cole + Ellery's current list of data breach investigations.