The University of Mississippi Medical Center (UMMC) will remain offline through at least Friday – and possibly longer – as a ransomware attack that has crippled seven hospitals and 35 clinics leaves patients struggling to reach care. Experts warn recovery could stretch for weeks, if not months.

Despite announcing that all clinic appointments and elective procedures are cancelled through Friday, UMMC said it was “making significant progress in responding to the cyberattack and restoring our systems.”

The state’s largest hospital system was hit by ransomware on February 19, taking down not only all associated websites, phone and email systems, but also access to their entire electronic medical records system, Epic.

Recovery could take months

Cybersecurity experts say outages of this scale often unfold in stages – from immediate operational chaos to prolonged forensic reviews and system rebuilding.

“In the face of a successful ransomware attack you are probably talking four days of near chaos, four weeks of intensive activity, and four months of stakeholder engagement as you seek to reestablish data sharing and access to external networks that have pulled up the drawbridge, knowing your network has been compromised.”

- Tim Rawlins, senior adviser and director of security at NCC Group

Wednesday evening, UMMC posted its eighth update since the attack on its still-operational Facebook page, noting that all seven of its hospitals were open, as well as the Emergency Departments in the capital City of Jackson and in Madison, Holmes, and Grenada counties.

“Through diligent and around-the-clock work, we are hopeful that we will be able to resume elective procedures and regular clinic operations as early as Monday. Our ability to do this will be clearer over the next couple of days,” the University of Mississippi Medical Center post said.

“All cancelled appointments will be rescheduled soon,” it said.

“Unfortunately, this is just the latest targeted attack by criminals who are not concerned about the impact on human lives,” said Tim Rawlins, senior adviser and director of security at NCC Group.

He points out that "hospitals are vulnerable to such attacks, having systems connected to multiple suppliers, staff focused on saving lives, not cybersecurity, and investment directed towards medical equipment rather than patching and updating IT systems."

Patients scrambling for care

On Monday, officials set up a “UMMC Triage Line” to take calls from patients seeking more information about appointments, scheduled surgeries, elective procedures, and basic care.

But clearly overwhelmed by high call volume, patients continue to report unanswered calls and repeated disconnects to the triage line, which noted it would prioritize requests for time-sensitive needs, such as medication refills or postoperative care visits.

“UMMC Teams are working around the clock to restore full operations and help as many people as quickly as we possibly can. Thank you for your support and understanding,” hospital officials said.

“I am 3 weeks after surgery for broken leg and trauma. Call the line no response. I need to see doctor to check on my leg, please,’ one user responded to Wednesday’s update.

Another asked, “What about patients scheduled for cancer treatments next week?”

Other commenters showed more support, urging fellow callers to be patient.

“For those calling but not getting the automated service. Hang up and try again. It took me five tries before I got the answering service. Once I left a message I was called back within two hours,” one person commented.

Many followers, including one local Reverend, sent prayers to the medical teams, fearing the disruption in patient care could lead to detrimental outcomes, and even death, as documented in a weeks-long ransomware attack that disrupted five NHS London hospitals in 2024.

“This includes ALL teams throughout your system. We will continue to pray for all patients, including those whose services have been postponed or delayed,” they wrote. Ross Filipek, CISO at Corsica Technologies, said outages at major health systems rarely stay contained.

“When scheduling, electronic records, imaging, and communications go offline, the impact ripples outward into partner networks, pharmacies, and public health touchpoints that depend on the same digital backbone.”He added that healthcare delivery is now inseparable from technology delivery, meaning downtime at one major provider can strain an entire region.

Data concerns mount

According to local news outlet Mississippi Today, Medical Center Vice Chancellor, Dr. LouAnn Woodward confirmed in a Tuesday television interview that “the attacker made financial demands.”

While officials have not said whether negotiations are underway, experts note ransom demands often coincide with data theft or threats of public disclosure.

Last Friday, UMMC admitted it did not know “the full extent of the infiltration or how long it would take to return to regular operations.”

Furthermore, officials have not publicly disclosed whether patient data was accessed, nor have they identified the ransomware group behind the attack.

This, along with the communication fallout, left many patients concerned their personal information was being exploited by hackers.

This was exacerbated when many patients began receiving random emails, texts, and phone calls from an unknown sender, which turned out to be the UMMC.

The medical center explained that the messages were being sent by “an off-site vendor, activated due to our electronic medical record, Epic, being down.”

“Please be aware that emails, texts and calls you receive about closures of UMMC clinics or requests to send communications are legitimate,” UMMC announced on Facebook, apologizing for the confusion and assuring patients that it was “safe but not necessary to click the links.”

“Healthcare systems are now on the front lines of the cyber battlefield,” said Michael Centrella, Head of Public Policy at SecurityScorecard. “Resilience isn’t optional, it’s essential to maintaining public trust and operational continuity.”

MMC operates seven hospitals, 35 clinics, and roughly 200 telehealth sites across Mississippi, which includes the state's only Level 1 trauma center and Level 4 neonatal intensive care unit (NICU).

The UMMC healthcare system also includes the state’s only children’s hospital, only organ and bone marrow transplant program, and the only Telehealth Center of Excellence in the state – one of just two in the US.

In 2022, UMMC was forced to pay a $2.75 million settlement to the US Department of Health and Human Services’ Office for Civil Rights to resolve a slew of HIPAA data security violations stemming from a 2013 breach of unsecured electronic protected health information (ePHI) affecting 10,000 patients.

“During the investigation, OCR determined that UMMC was aware of risks and vulnerabilities to its systems as far back as April 2005, yet no significant risk management activity occurred until after the breach, due largely to organizational deficiencies and insufficient institutional oversight,” the HHS said.

UMMC was also ordered to adopt a corrective action plan to upgrade its cybersecurity.

---

Unlock more exclusive Cybernews content on YouTube.