Ransomware Attack Forces UMMC to Close 35 Clinics, Lafayette County Patients Affected

A ransomware attack on the University of Mississippi Medical Center forced the health system to take all outpatient clinics offline, cancel elective surgeries and most appointments, and left at least one Lafayette County patient — 55-year-old Richard Bell of Oxford — unable to get bloodwork or chemotherapy after driving three hours to the Jackson campus. Officials said the intrusion began Thursday, Feb. 19, and closures continued into Friday, Feb. 20 as UMMC worked with federal investigators.

UMMC vice chancellor for health affairs and dean of the School of Medicine LouAnn Woodward said the medical center took its systems down as a precaution. "Those are the pieces that are still being determined. But as I said earlier, we have taken our systems down. We are working to mitigate all the risks that we know of," Woodward told reporters during the initial response.

The outage affected the medical center’s IT network and phone and electronic systems, and sources reported the Epic electronic health records platform was impacted. Multiple outlets described the shutdown as affecting roughly three dozen clinics; CNN and NPR specified that 35 UMMC clinics across Mississippi were closed. MED-COM, the state hospital transfer coordination network, was also hit by the outage, though Woodward said redundancies were in place to route patients to hospitals without disruption.

Federal authorities moved quickly to assist. Robert Eikhoff, the FBI special agent in charge of the Jackson field office, said, "The FBI’s top priority is getting systems back up to restore patient care." He added that investigators "are in the process of surging resources, both locally and nationally, into this incident to make sure that we are standing alongside with UMMC and their vendors as we look to understand the extent of this attack."

Officials warned the disruption could be a multi-day event. UMMC canceled elective procedures statewide and warned that most outpatient appointments would not proceed while risk assessments continue. Woodward summarized the immediate posture in a Friday statement: "To use a medical phrase — we have stopped the bleeding."

Several key questions remain unresolved. Investigators have confirmed attackers communicated with the university, but UMMC "did not disclose their demands," and officials have said whether protected health information was accessed is "still being determined." Health officials including the Department of Health and Human Services were reported to be monitoring the situation alongside the FBI.

For Lafayette County patients who depend on UMMC clinics for cancer care and chronic disease management, the attack has already produced concrete harm, as the case of Richard Bell showed. UMMC said it is working with law enforcement and cybersecurity specialists and that, "As a precaution, all of our IT systems have been taken down, and risk assessment will be conducted before we bring things back up." The medical center and federal partners continue the investigation as they restore systems and evaluate any impact on patient records and care.