The University of Mississippi Medical Center (UMMC) has been forced to close multiple outpatient clinics and significantly curtail services after a sophisticated ransomware attack crippled its IT systems. The incident has disrupted patient care, delayed appointments, and raised serious concerns about data security and operational resilience in one of Mississippi’s largest academic medical centres.
Glimpse:
The ransomware attack, detected in late February 2026, encrypted critical servers and disrupted electronic health records, scheduling, billing, and communication systems across UMMC’s network. As a precaution, the hospital closed most outpatient clinics, cancelled non-emergent procedures, and diverted ambulances to other facilities while restoring systems from backups. UMMC activated its incident response plan, engaged third-party cybersecurity experts, and notified affected patients and authorities, though no confirmed data breach has been publicly disclosed yet. Emergency and inpatient services continue with manual processes.
The University of Mississippi Medical Center (UMMC), the state’s largest hospital and only academic medical centre, has temporarily closed the majority of its outpatient clinics and significantly scaled back elective procedures following a ransomware attack that severely compromised its computer networks. The incident was detected in the early hours of February 25, 2026, when IT teams identified unauthorized activity and suspicious encryption on several critical servers. Within hours, UMMC leadership activated its emergency incident response protocol, isolated affected systems, and began working with external cybersecurity forensics experts to contain the breach and assess the scope.
As a direct result of the attack, electronic health records (EHR), appointment scheduling, patient portal access, billing systems, email, and internal communication platforms became inaccessible or unreliable. To ensure patient safety and avoid potential errors from manual workarounds in high-volume settings, UMMC made the difficult decision to close most outpatient clinics effective immediately. Affected services include routine primary care, specialty follow-ups, diagnostic imaging, and non-urgent procedures across its main campus in Jackson and affiliated outpatient locations. Emergency departments, inpatient units, operating rooms for urgent and emergent cases, and inpatient consultations continue to operate, albeit with significant reliance on paper-based processes and manual coordination.
UMMC officials have stated that patient care remains their top priority during the recovery process. The hospital has diverted non-emergent ambulance traffic to nearby facilities, rescheduled thousands of appointments, and established dedicated hotlines to communicate with impacted patients. Pharmacy services have been shifted to paper prescriptions where necessary, and the hospital is coordinating with external partners to maintain continuity for dialysis, chemotherapy, and other time-sensitive treatments. No definitive evidence of patient data theft or exposure has been confirmed at this stage, but UMMC has begun notifying potentially affected individuals and regulatory authorities as a precautionary measure, in line with HIPAA breach notification requirements.
The attack has drawn attention to the vulnerability of large academic medical centres, which often serve as critical infrastructure for entire regions and hold vast amounts of sensitive health data. Cybersecurity experts note that ransomware groups increasingly target healthcare organizations due to the urgency of restoring systems and the perceived willingness to pay ransoms to avoid prolonged disruptions. UMMC has not disclosed whether a ransom demand was received or if any payment is under consideration, consistent with FBI guidance discouraging payments to attackers.
Recovery efforts are ongoing, with UMMC working around the clock alongside federal partners (including the FBI and HHS 405(d) Program) and private cybersecurity firms to restore systems from secure backups, strengthen defences, and conduct a thorough forensic investigation. Hospital leadership has promised a full return to normal operations as soon as safely possible and has committed to transparent communication with patients, staff, and the public throughout the incident.
“The safety of our patients is our absolute priority. While this attack is a serious setback, we are working tirelessly with the best experts available to restore services safely and securely.”
By
HB Team
