
Ransomware attackers have forced the University of Mississippi Medical Center (UMMC) to shut down seven hospitals and dozens of clinics across the state – with disruptions expected to last for days, officials said on Friday.
- A ransomware attack disrupted Mississippi’s largest hospital system and knocked key IT systems offline.
- Surgeries and procedures were canceled as hospitals switched to manual downtime operations.
- Experts warn healthcare ransomware recoveries often stretch weeks beyond the initial outage.
The attack, first confirmed by UMMC on Thursday, shut down many of its IT systems, including access to its electronic medical records system, Epic.
“Due to a cybersecurity attack, many UMMC IT systems are down, including access to our electronic medical records, Epic,” the health system said in a statement posted to its official Facebook page.
“Today, all UMMC clinic locations statewide are closed.”
State’s largest hospital system disrupted
UMMC operates seven hospitals, 35 clinics, and roughly 200 telehealth sites across Mississippi.
What’s more, UMMC operates the state's only Level 1 trauma center and Level 4 neonatal intensive care unit (NICU).
The UMMC healthcare system also includes the state’s only children’s hospital, only organ and bone marrow transplant program, and the only Telehealth Center of Excellence in the state – one of just two in the US.
Officials warned the disruption could last several days.
In an update on Friday, UMMC said its Medical Center teams are working around the clock, with the help of specialized FBI teams and at least three national cybersecurity vendors "that are experts in situations like ours, including in cyber forensics, recovery and security."
"At this time, it is still unknown the extent of the infiltration or how long it will take to return to regular operations," Friday's announcement said.
Outpatient and ambulatory surgeries, procedures, and imaging appointments have been canceled and will be rescheduled. Hospital and emergency services remain operational using downtime procedures. Phone systems and the ability to receive or send emails remain down or unreliable, the medical center said.
Furthermore, UMMC has not publicly disclosed whether patient data was accessed or exfiltrated during the attack, nor has it named the ransomware group behind it.
Recovery could take weeks, experts warn
Security experts say incidents of this scale often trigger extended recovery timelines that go far beyond the initial outage window.
Tim Rawlins, senior adviser and director of Security at NCC Group, said the attack “clearly demonstrates the absolute necessity of having effective business continuity plans (BCPs) that enable an organization to deliver its most important business services when it loses its main IT systems.”
“It’s not good enough to have plans that say priority IT will be back in 4 hours as they used to,” Rawlins said.
“It’s clear that in the face of a successful ransomware attack, you are probably talking 4 days of near chaos, four weeks of intensive activity, and four months of stakeholder engagement as you seek to reestablish data sharing and access to external networks that have pulled up the drawbridge, knowing your network has been compromised.”
The senior director added that restoring internal services can take weeks as forensic teams determine what data may have been compromised, assess damage, and reset passwords across applications and service accounts.
“We would expect to see the restoration of internal services potentially taking weeks as forensic investigations look to establish what data might have been compromised, what damage has been done, and passwords are reset in applications and services accounts,” Rawlins said.
Healthcare remains a high-pressure target
The incident marks the latest in a string of ransomware attacks targeting hospitals and medical services providers.
“Unfortunately, this is just the latest of a number of attacks on hospitals and medical services firms,” Rawlins said, calling healthcare organizations “an easy target for criminals unconcerned about human lives” due to complex supplier connections, budget pressures, and staff focused primarily on patient care.
Ross Filipek, CISO at Corsica Technologies, said attackers increasingly focus on high-pressure environments where downtime creates urgency, making healthcare a consistent target.
“We are seeing a clear trend where attackers focus on high-pressure environments where downtime creates immediate urgency, and that makes healthcare an attractive target,” Filipek said.
Filipek explained that these incidents rarely stay neatly contained and often spill outside of the organization.
“When scheduling, electronic records, imaging, and communications go offline, the impact ripples outward into partner networks, pharmacies, and public health touchpoints that depend on the same digital backbone.”
“Operations grind to a halt, and the region’s overall capacity takes a hit, which can have drastic consequences for organizations like hospitals that rely on consistency to deliver everyday procedures,” he added.
UMMC said it will provide further updates as more information becomes available.