Mississippi's Largest Hospital System Closes All Clinics After Ransomware Attack

The University of Mississippi Medical Center shut down all 35 clinic locations statewide on Thursday after a ransomware attack crippled access to electronic medical records. The state's largest hospital system, which operates seven hospitals and over 200 telehealth sites, now has doctors treating patients with pen and paper while the FBI leads the investigation.

UMMC confirmed attackers "have communicated" with the hospital, indicating ransom demands were made. The organization is working with federal authorities including the US Cybersecurity and Infrastructure Security Agency and Homeland Security on response efforts.

Impact on Patient Care

The attack knocked out access to Epic, UMMC's electronic health record system, leaving clinicians unable to retrieve patient histories, medication lists, allergies, or treatment plans. According to Mississippi Today, the immediate fallout included:

• All outpatient surgeries cancelled and rescheduled
• Ambulatory imaging appointments postponed across all sites
• 35 clinics closed with no reopening date announced
• Hospital and emergency services operating under manual downtime procedures

The shift to paper-based workflows introduces risks beyond inconvenience. Medication errors increase when providers can't verify patient histories electronically. Test results may be delayed or lost. Critical alerts—drug interactions, allergies, abnormal lab values—that Epic normally surfaces automatically now depend entirely on manual review.

The Mississippi Free Press reports that with UMMC serving as the state's only Level 1 trauma center and academic medical center, the attack's ripple effects extend across Mississippi's healthcare infrastructure.

A Pattern in Healthcare Attacks

Healthcare ransomware attacks have accelerated throughout 2025 and into 2026. The sector presents attackers with a compelling target profile: critical operations that can't easily pause, extensive sensitive data with high value on dark web markets, and often underfunded IT security programs struggling against sophisticated threats.

UMMC joins a growing list of hospital systems forced into operational crisis by ransomware. We've tracked similar incidents affecting payment processing systems and utilities that demonstrate how ransomware operators increasingly target organizations where downtime directly threatens public welfare.

The attack also raises questions about backup and recovery capabilities. Modern healthcare systems depend on EHR access for safe patient care. When that access disappears with no immediate failover, the gap between "systems down" and "patients harmed" narrows dangerously.

FBI Investigation Underway

The FBI's involvement signals federal authorities are treating this as a significant criminal matter. Healthcare ransomware attacks can trigger multiple federal jurisdictions given HIPAA implications, potential theft of protected health information, and the critical infrastructure designation of healthcare facilities.

UMMC has not disclosed which ransomware group is responsible or whether patient data was exfiltrated. Attackers frequently steal data before encryption, using the threat of public release as additional leverage. Given UMMC's scale—serving patients statewide across multiple facilities—any breach could affect hundreds of thousands of records.

What Organizations Should Learn

Healthcare organizations watching UMMC's crisis should assess their own ransomware readiness:

1. Test downtime procedures regularly including manual workflows for all critical functions
2. Segment networks aggressively to limit ransomware spread between clinical and administrative systems
3. Maintain offline backups that attackers can't encrypt or delete
4. Establish communication plans for patients, staff, and media during incidents
5. Review cyber insurance coverage and understand response service provisions

The UMMC incident also highlights the value of pre-established relationships with federal agencies. Organizations can contact their local FBI field office and CISA regional representatives before incidents occur to establish communication channels that accelerate response when attacks happen.

Why This Matters

Healthcare ransomware isn't just a cybersecurity story—it's a patient safety emergency. When hospitals operate on paper, care quality degrades. Decisions that normally take seconds with EHR access become minutes or hours of manual record hunting. In emergency medicine, those delays cost lives.

The frequency of these attacks suggests current defenses aren't keeping pace with attacker capabilities. Healthcare organizations face budget constraints, legacy system dependencies, and workforce challenges that make security transformation difficult. But incidents like UMMC demonstrate the cost of deferring that transformation.

For organizations wanting to understand ransomware operations and defensive strategies, our ransomware guide covers how these attacks work, what makes healthcare vulnerable, and practical steps for improving resilience.

The UMMC situation remains developing. We'll update this coverage as the hospital provides more details on recovery timelines and any confirmed data exposure.