Ransomware forces UMMC to close 35 clinics, cancel elective procedures

The University of Mississippi Medical Center in Jackson shut down its IT network and closed all 35 outpatient clinics statewide after a ransomware attack early Thursday morning, forcing the cancellation of elective surgeries and most outpatient appointments and leaving some patients stranded. Officials said the disruption began Feb. 19 and continued into Feb. 20 as staff worked under emergency procedures to assess damage and restore systems.

LouAnn Woodward, vice chancellor for health affairs and dean, said at a press event that the attack affected multiple systems, including the electronic medical record system Epic. "Early this morning, we sustained a cyber attack, which impacted our IT network and many of our systems, including our electronic medical records system, EPIC. We have triggered our emergency operations plan: this impacts all medical center locations," she said. Woodward added that administrators had taken systems offline to mitigate risk and that "those are the pieces that are still being determined. But as I said earlier, we have taken our systems down. We are working to mitigate all the risks that we know of."

Hospital officials said emergency and inpatient services remained available but were operating under downtime protocols that require manual record keeping and alternative communication channels. Administrative functions, including billing and hospital websites, and portions of the phone system were also affected, complicating scheduling and outreach to patients. The dialysis clinic at the Jackson Medical Mall was reported to be an exception and remained open for scheduled treatments.

Federal authorities are involved in the response. Robert Eikhoff, special agent in charge of the FBI's Jackson field office, confirmed at the same press event that ransomware was responsible for knocking UMMC's network offline. Officials said the FBI and the Department of Health and Human Services were monitoring and assisting in the investigation.

It remains unclear whether attackers exfiltrated patient data or whether a ransom demand has been made. Woodward said investigators were still determining what, if any, protected health information was compromised and warned that network restores could take days. "The attackers have communicated to us and we’re working with the authorities and the specialists on next steps," she said. "We do not know how long this situation may last."

The outage had immediate consequences for patients. Officials canceled outpatient, ambulatory surgeries and imaging appointments that were to be rescheduled. One patient, Richard Bell, 55, drove three hours from Oxford to UMMC’s main campus only to learn he could not get bloodwork or a scheduled chemotherapy treatment. Hospital leaders described outpatient services as effectively hobbling while teams work on recovery.

Industry experts say attacks on health care systems have been rising. John Riggi, national advisor for cybersecurity and risk at the American Hospital Association, said, "Ransomware attacks targeting US hospitals and health care continue to increase at a very concerning rate." In prior incidents, similar attacks have delayed medication distribution and forced costly workarounds, underscoring the operational and patient safety risks.

UMMC urged patients to check the medical center’s official channels for updates and to contact their providers when phone lines are restored. Officials did not provide a timeline for when all clinics would reopen but said they would post rescheduling information as systems come back online. Federal and hospital investigators continue to probe the scope of the intrusion.