University of Mississippi Medical Center closes 35 clinics after ransomware attack

The University of Mississippi Medical Center said it halted operations at 35 outpatient clinics statewide and canceled elective procedures after a ransomware attack detected in the early hours of Feb. 19, forcing hospitals and emergency departments to revert to paper documentation to continue care.

UMMC officials said the intrusion affected the medical center's IT network and its Epic electronic health record system, prompting leaders to take systems offline "out of an abundance of caution" while investigators worked to test and secure services. Phone systems and the ability to receive or send email remained down or unreliable, complicating patient communication as the medical center tried to reach people with time-sensitive needs.

Hospital emergency departments in Jackson, Madison County, Grenada and Holmes County remained open and continued accepting patients, UMMC said. The Jackson Medical Mall kidney dialysis clinic was an explicit exception and kept appointments as scheduled. UMMC also said Mississippi MED-COM, the state hospital transfer coordination network, experienced effects but relied on redundancies so patient routing across the state continued without disruption.

Without access to key systems, clinicians recorded patient care on pen and paper, UMMC reported. That fallback preserved basic operations but introduced risks and delays for care continuity, particularly for patients with chronic conditions and those who depend on coordinated outpatient services. Appointments that require complex scheduling or preparation, chemotherapy and many elective surgeries among them, were canceled and are to be rescheduled when the center can confirm systems are safe to restore, officials said.

UMMC Vice Chancellor for Health Affairs LouAnn Woodward addressed the disruption, saying, "Our care teams continue to provide exceptional service to our patients and families. I know this intrusion into our system has negatively impacted some of our patients, but please know that we are using every resource at our disposal to resolve this issue in a safe and effective manner." She added, "To use a medical phrase - we have stopped the bleeding," while warning that "the extent and the scope of the intrusion is still not fully understood."

Law enforcement and federal cybersecurity agencies are involved in the response. UMMC said it was coordinating with the Federal Bureau of Investigation, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency, and was working alongside state agencies and national cybersecurity experts to investigate and remediate the outage.

UMMC reported that clinics would remain closed through the immediate days following the attack, with officials canceling or rescheduling appointments as they assess systems and patient needs. The center said it had contacted patients receiving ongoing, time-sensitive care to arrange alternative treatment where possible. In-person classes for students affiliated with the medical center were reported to be continuing as scheduled.

The attack underscores persistent vulnerabilities in health system infrastructure that can ripple through communities, particularly in a state where many patients rely on regional outpatient clinics for routine and specialty care. Public health officials and health policy analysts note that ransomware incidents can deepen disparities by interrupting treatment for fragile and low-income patients who lack flexible alternatives, and they argue that federal and institutional investments in cybersecurity and redundant care pathways are needed to protect access to essential services. Investigations into the scope of the intrusion and whether patient data were compromised are ongoing.