Ransomware Attack Disrupts University of Mississippi Medical Center and Triggers Privacy Scrutiny
A ransomware attack forced the University of Mississippi Medical Center to take major systems offline, disrupting its phone network, broader IT environment, and Epic electronic health record platform. UMMC closed all 35 clinics across Mississippi, canceled appointments including chemotherapy and elective procedures, and shifted staff to paper documentation while keeping hospitals and emergency departments open. The medical center said it was working with the FBI, outside cybersecurity specialists, and vendors to investigate the intrusion and restore operations.
UMMC later reopened clinics as systems were gradually brought back online, but the fallout extended beyond the immediate outage. Subsequent reporting said the incident may have exposed the organization to potential federal privacy-law issues, raising questions about whether protected health information was adequately safeguarded during the attack. The case highlights how ransomware against healthcare providers can quickly disrupt patient care, delay treatment, and create regulatory risk alongside operational recovery.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Report says UMMC may have violated federal privacy law
A later report said UMMC may have violated federal privacy law in connection with the ransomware incident, indicating possible compliance concerns tied to the attack and its handling. This represented a new development beyond the initial outage and recovery reporting.
UMMC reopens clinics after ransomware disruption
Following the outage caused by the ransomware attack, the University of Mississippi Medical Center reopened its clinics and resumed broader operations. Coverage published in late February and early March reported the reopening as the next major operational milestone after the shutdown.
UMMC closes 35 clinics and cancels appointments
In response to the cyberattack, UMMC closed all 35 clinics across Mississippi and canceled appointments, including chemotherapy and elective procedures, while hospitals and emergency departments remained open. Staff shifted to paper documentation to continue time-sensitive care.
UMMC hit by ransomware attack and takes systems offline
The University of Mississippi Medical Center suffered a ransomware attack that disrupted its phone systems, Epic electronic health records platform, and broader IT network. UMMC took affected systems offline and began investigating with cybersecurity specialists, vendors, and law enforcement including the FBI.
Sources
5 references tracked. Mallory keeps watching after this page renders.
UMMC may have violated federal privacy law after ransomware attack
wlbt.com
Open sourceUniversity of Mississippi Medical Center reopens clinics after ransomware attack | Cybersecurity Dive
cybersecuritydive.com
Open sourceUniversity of Mississippi Medical Center reopens clinics after ransomware attack | Healthcare Dive
healthcaredive.com
Open sourceMississippi health system closes all clinics after cyberattack : NPR
npr.org
Open sourceMississippi hospital system closes all clinics after ransomware attack | AP News
apnews.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
University of Mississippi Medical Center Ransomware Attack Disrupts Epic EHR and Statewide Clinics
The **University of Mississippi Medical Center (UMMC)** restored normal operations after a major **ransomware attack** that disrupted IT systems for roughly nine days, including loss of access to **electronic medical records** and impacts to patient care across the state. The incident forced UMMC to cancel outpatient procedures, ambulatory surgeries, and imaging appointments, while hospitals and emergency departments continued operating using manual *downtime procedures*; phone communications were also affected. UMMC reported restoring access to patient records and reopening clinics with extended hours to address the backlog. Officials said they were **communicating with the attackers** and working with the **FBI** and **CISA** during the response and investigation. As of the latest reporting, **no ransomware group has claimed responsibility**, and there was **no confirmed evidence of data exfiltration** disclosed in official statements.
Mar 24, 2026
University of Mississippi Medical Center Ransomware Attack Disrupts Epic EHR and Forces Statewide Clinic Closures
The **University of Mississippi Medical Center (UMMC)** reported a **ransomware attack** that knocked multiple IT systems offline, including access to its *Epic* electronic health record (EHR) platform, triggering the organization’s emergency operations plan. The disruption forced UMMC to **close all 35 clinics statewide** and **cancel outpatient, elective, and clinic procedures**, while hospital and emergency services remained open under contingency operations. UMMC stated the attackers have been in communication and that it is working with external specialists and law enforcement; the **FBI is investigating** and warned the duration of the outage was unknown at the time of reporting. Separate reporting also described a different municipal incident in **Meriden, Connecticut**, where officials took city internet services and public Wi‑Fi offline after an attempted disruption; emergency services were reported as unaffected and the city said it would conduct a comprehensive review before restoring service.
Mar 21, 2026
Medusa Ransomware Claims University of Mississippi Medical Center Attack
**University of Mississippi Medical Center (UMMC)** is facing an extortion threat after the **Medusa** ransomware gang claimed responsibility for the February cyberattack that disrupted hospital operations and forced staff to rely on paper processes and other offline workarounds. The incident affected one of Mississippi’s most critical healthcare providers, with hospitals and emergency departments remaining open while **35 clinic locations** were closed; recovery involved assistance from the **FBI** and **Department of Homeland Security**, and full reopening was reported on March 2. Medusa later posted on its leak site that it had stolen data from UMMC and demanded **$800,000**, with a deadline of **March 20**. Reporting indicates the gang offered multiple extortion options, including paying to delete the data, buying the allegedly stolen information, or paying a smaller amount to extend the deadline. Screenshots were published as purported proof of theft, but UMMC had not confirmed that sensitive patient or enterprise data was actually exfiltrated, and the size and scope of the alleged data set remained unclear at the time of reporting.
Mar 21, 2026