The University of Mississippi Medical Center (UMMC) has successfully restored full operations and reopened all clinics after a sophisticated ransomware attack forced a multi-week shutdown of its electronic health records (EHR), patient portals, and several critical systems. The incident, one of the most disruptive ransomware events to hit a major U.S. academic medical centre in recent years, underscores the growing vulnerability of healthcare organisations to cyber threats and the importance of robust backup, recovery, and incident response strategies.
Glimpse:
The attack, detected in late December 2025, encrypted key systems and disrupted EHR access, appointment scheduling, telehealth services, and some diagnostic imaging workflows. UMMC declared a “limited operations” mode, diverting non-emergent patients and relying on paper-based processes during the outage. Following extensive forensic investigation, system restoration from secure backups, and heightened security measures, the medical centre announced full clinic reopening on January 27, 2026. No confirmed evidence of patient data exfiltration has been publicly disclosed, though the investigation continues.
The University of Mississippi Medical Center (UMMC), the state’s only academic medical centre and largest hospital, has fully restored operations and reopened all outpatient clinics following a significant ransomware attack that began in late December 2025. The cyber incident forced the organisation to take critical systems offline including its Epic EHR, MyChart patient portal, appointment scheduling platform, and select imaging and lab systems leading to widespread disruption of non-emergent care for several weeks.
In response, UMMC activated its incident response plan, declared a “limited operations” status, and shifted to manual/paper-based workflows for patient registration, ordering, and documentation. Emergency and inpatient services remained fully operational throughout, with diversion protocols in place for certain elective procedures and outpatient visits. The medical centre also established temporary call centres and alternative communication channels to support patients and referring providers during the outage.
A joint statement from UMMC leadership confirmed that the attack was contained with the assistance of third-party cybersecurity experts and federal partners (including the FBI and CISA). After thorough forensic analysis, system integrity checks, and validation of restored backups, the hospital began phased reactivation of digital systems in mid-January 2026. Full clinic reopening was announced on January 27, 2026, allowing resumption of routine appointments, elective procedures, and telehealth services.
While UMMC has not publicly confirmed whether patient data was exfiltrated or leaked, officials stated that the primary impact was operational disruption rather than confirmed data breach. Enhanced monitoring, multi-factor authentication upgrades, network segmentation improvements, and mandatory security awareness training have been implemented as part of post-incident remediation.
The incident highlights the persistent and escalating threat ransomware poses to U.S. healthcare organisations, where downtime can directly affect patient safety and care continuity. UMMC’s relatively swift recovery facilitated by robust offline backups and a well tested incident response plan has been cited as a positive example amid a wave of healthcare-targeted cyberattacks in 2025–2026.
“While this attack caused significant disruption, our team’s preparation, rapid response, and commitment to patient safety allowed us to restore services safely and quickly. We are stronger and more vigilant as a result.”
By
HB Team
