University of Mississippi Medical Center Ransomware Attack Disrupts Epic EHR and Forces Statewide Clinic Closures
The University of Mississippi Medical Center (UMMC) reported a ransomware attack that knocked multiple IT systems offline, including access to its Epic electronic health record (EHR) platform, triggering the organization’s emergency operations plan. The disruption forced UMMC to close all 35 clinics statewide and cancel outpatient, elective, and clinic procedures, while hospital and emergency services remained open under contingency operations.
UMMC stated the attackers have been in communication and that it is working with external specialists and law enforcement; the FBI is investigating and warned the duration of the outage was unknown at the time of reporting. Separate reporting also described a different municipal incident in Meriden, Connecticut, where officials took city internet services and public Wi‑Fi offline after an attempted disruption; emergency services were reported as unaffected and the city said it would conduct a comprehensive review before restoring service.
Timeline
Feb 20, 2026
Clinic shutdown extends into a second day as recovery continues
On 2026-02-20, UMMC said clinic closures and canceled elective services were continuing for a second consecutive day while officials assessed the incident and worked to restore offline systems. The organization warned the disruption could last for days, although hospital and emergency care remained operational.
Feb 19, 2026
UMMC confirms contact from attackers during ransomware response
By 2026-02-19, UMMC leadership said the attackers had communicated with the organization, though it did not identify the group or disclose any ransom demands. No ransomware gang had publicly claimed responsibility at that time.
Feb 19, 2026
UMMC and federal authorities begin incident response investigation
On 2026-02-19, UMMC said it was working with law enforcement and federal agencies including the FBI, CISA, and DHS, along with outside specialists, to investigate and respond to the ransomware incident. Officials said it was too early to determine the full impact, including whether patient data was compromised or how long recovery would take.
Feb 19, 2026
UMMC closes clinics and cancels non-emergency care statewide
Following the attack on 2026-02-19, UMMC closed all or most clinic locations across Mississippi and canceled elective procedures, outpatient and ambulatory surgeries, imaging appointments, and other non-emergency services. Hospitals and emergency rooms remained open using downtime procedures, with staff in some areas reverting to paper documentation.
Feb 19, 2026
Ransomware attack hits UMMC and disrupts statewide IT systems
On 2026-02-19, the University of Mississippi Medical Center detected a ransomware attack that compromised or disrupted multiple IT systems, including access to its Epic electronic medical records platform. UMMC took network systems offline as a precaution and activated its emergency operations plan.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Sources
3 more from sources like govinfosecurity, bank info security and wlbt.com
Related Stories
University of Mississippi Medical Center Ransomware Attack Disrupts Epic EHR and Statewide Clinics
The **University of Mississippi Medical Center (UMMC)** restored normal operations after a major **ransomware attack** that disrupted IT systems for roughly nine days, including loss of access to **electronic medical records** and impacts to patient care across the state. The incident forced UMMC to cancel outpatient procedures, ambulatory surgeries, and imaging appointments, while hospitals and emergency departments continued operating using manual *downtime procedures*; phone communications were also affected. UMMC reported restoring access to patient records and reopening clinics with extended hours to address the backlog. Officials said they were **communicating with the attackers** and working with the **FBI** and **CISA** during the response and investigation. As of the latest reporting, **no ransomware group has claimed responsibility**, and there was **no confirmed evidence of data exfiltration** disclosed in official statements.
1 months ago
Medusa Ransomware Claims University of Mississippi Medical Center Attack
**University of Mississippi Medical Center (UMMC)** is facing an extortion threat after the **Medusa** ransomware gang claimed responsibility for the February cyberattack that disrupted hospital operations and forced staff to rely on paper processes and other offline workarounds. The incident affected one of Mississippi’s most critical healthcare providers, with hospitals and emergency departments remaining open while **35 clinic locations** were closed; recovery involved assistance from the **FBI** and **Department of Homeland Security**, and full reopening was reported on March 2. Medusa later posted on its leak site that it had stolen data from UMMC and demanded **$800,000**, with a deadline of **March 20**. Reporting indicates the gang offered multiple extortion options, including paying to delete the data, buying the allegedly stolen information, or paying a smaller amount to extend the deadline. Screenshots were published as purported proof of theft, but UMMC had not confirmed that sensitive patient or enterprise data was actually exfiltrated, and the size and scope of the alleged data set remained unclear at the time of reporting.
1 months ago
Ransomware and data-breach disclosures across education, critical infrastructure, and healthcare
Rome’s **La Sapienza University** shut down network systems as a precaution after a cyberattack caused widespread disruption and left its website offline; Italian media attributed the incident to a suspected ransomware operation linked to pro-Russian actor **Femwar02**, with reported tradecraft resembling **Bablock/Rorschach**-style fast encryption. Separately, Romania’s national oil pipeline operator **Conpet** reported a cyberattack that disrupted corporate IT and took down `www.conpet.ro` while leaving **OT/SCADA** and pipeline transport operations unaffected; **Qilin** claimed responsibility, alleging theft of nearly **1TB** of data and posting sample documents (including financial data and passport scans) to support extortion claims. In the U.S., government services contractor **Conduent** faced expanding breach impact from its January 2025 ransomware incident, with notifications indicating exposure potentially reaching **dozens of millions**; reported affected data includes **names, Social Security numbers, and medical/health insurance information**, with at least **15.4M** impacted in Texas and **10.5M** in Oregon per state disclosures. Additional healthcare-sector disclosures included a ransomware-linked intrusion at **Insightin Health** (unauthorized access in September 2025; **Medusa** claimed exfiltration of **378GB**) and a separate compromise at **Clinic Service Corporation** (August 2025 access window), while **Central Ozarks Medical Center** reported a criminal cyberattack affecting **11,818** individuals with exposure of PHI/PII (including SSNs and financial/insurance data). Other items in the set were not incident-specific: an **HHS-OIG** audit describing web application security weaknesses at a large hospital, and general guidance/education pieces on the value of medical records to attackers and **CISA** insider-threat guidance.
1 months ago