University of Mississippi Medical Center Ransomware Attack Disrupts Epic EHR and Statewide Clinics
The University of Mississippi Medical Center (UMMC) restored normal operations after a major ransomware attack that disrupted IT systems for roughly nine days, including loss of access to electronic medical records and impacts to patient care across the state. The incident forced UMMC to cancel outpatient procedures, ambulatory surgeries, and imaging appointments, while hospitals and emergency departments continued operating using manual downtime procedures; phone communications were also affected.
UMMC reported restoring access to patient records and reopening clinics with extended hours to address the backlog. Officials said they were communicating with the attackers and working with the FBI and CISA during the response and investigation. As of the latest reporting, no ransomware group has claimed responsibility, and there was no confirmed evidence of data exfiltration disclosed in official statements.
Timeline
Mar 24, 2026
Family reveals UMMC attack disrupted active liver transplant surgery
By March 24, 2026, the family of patient Wade Watts publicly said UMMC systems began failing during his liver transplant surgery as the cyberattack unfolded, creating major operational challenges during a lifesaving procedure. The transplant was ultimately successful, and the account provided a concrete example of direct patient-care impact from the incident.
Mar 5, 2026
UMMC engages FBI and CISA and communicates with attackers
During the response, UMMC said it was working with federal authorities including the FBI and CISA and confirmed it had communicated directly with the attackers, indicating an extortion component. At that stage, no ransomware group had publicly claimed responsibility and there was no confirmed evidence of data exfiltration.
Mar 2, 2026
UMMC restores Epic access and reopens clinics with extended hours
UMMC restored access to patient records and reopened clinics on March 2, 2026, resuming normal operations after the nine-day outage. The medical center said clinics would use extended hours to address the accumulated backlog of delayed care.
Feb 22, 2026
UMMC closes clinics and cancels outpatient services for nine days
Following the attack, UMMC shut down clinics across the state for nine days and canceled outpatient procedures, ambulatory surgeries, and imaging appointments. The disruption created a backlog that included time-sensitive care such as chemotherapy.
Feb 22, 2026
UMMC hit by ransomware attack that disrupts Epic EHR and communications
In late February 2026, the University of Mississippi Medical Center suffered a ransomware attack that took its Epic electronic health record system offline and disrupted phone and email access. Hospitals and emergency departments continued operating under manual downtime procedures while the incident affected care statewide.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Threat Actors
Sources
Related Stories
University of Mississippi Medical Center Ransomware Attack Disrupts Epic EHR and Forces Statewide Clinic Closures
The **University of Mississippi Medical Center (UMMC)** reported a **ransomware attack** that knocked multiple IT systems offline, including access to its *Epic* electronic health record (EHR) platform, triggering the organization’s emergency operations plan. The disruption forced UMMC to **close all 35 clinics statewide** and **cancel outpatient, elective, and clinic procedures**, while hospital and emergency services remained open under contingency operations. UMMC stated the attackers have been in communication and that it is working with external specialists and law enforcement; the **FBI is investigating** and warned the duration of the outage was unknown at the time of reporting. Separate reporting also described a different municipal incident in **Meriden, Connecticut**, where officials took city internet services and public Wi‑Fi offline after an attempted disruption; emergency services were reported as unaffected and the city said it would conduct a comprehensive review before restoring service.
1 months ago
Medusa Ransomware Claims University of Mississippi Medical Center Attack
**University of Mississippi Medical Center (UMMC)** is facing an extortion threat after the **Medusa** ransomware gang claimed responsibility for the February cyberattack that disrupted hospital operations and forced staff to rely on paper processes and other offline workarounds. The incident affected one of Mississippi’s most critical healthcare providers, with hospitals and emergency departments remaining open while **35 clinic locations** were closed; recovery involved assistance from the **FBI** and **Department of Homeland Security**, and full reopening was reported on March 2. Medusa later posted on its leak site that it had stolen data from UMMC and demanded **$800,000**, with a deadline of **March 20**. Reporting indicates the gang offered multiple extortion options, including paying to delete the data, buying the allegedly stolen information, or paying a smaller amount to extend the deadline. Screenshots were published as purported proof of theft, but UMMC had not confirmed that sensitive patient or enterprise data was actually exfiltrated, and the size and scope of the alleged data set remained unclear at the time of reporting.
1 months ago
University of Hawaii Cancer Center Ransomware Breach and Delayed Disclosure
The **University of Hawaii (UH) Cancer Center** disclosed that a ransomware intrusion affecting a single cancer research project led to the encryption of systems and the theft of a limited set of research files, including some legacy documents from the 1990s containing **Social Security numbers** used to identify study participants. UH reported the incident occurred in late August 2025 and said clinical operations and patient care were not impacted, but recovery and investigation were delayed due to the extent of encryption damage; UH also stated it engaged external experts, isolated affected systems, and negotiated with the attackers, including paying to obtain a decryptor and seeking assurances of deletion of stolen data. The disclosure drew scrutiny because UH reportedly notified the state legislature well after Hawaii’s **20-day breach reporting deadline**, and the university has not provided key details such as the specific research project, the number of affected individuals, or concrete measures proving the stolen data was not exposed after negotiations. Separate reporting on unrelated ransomware activity included **Everest** claiming a breach of **Nissan** with an alleged 900GB data theft and **Trellix** research describing **CrazyHunter** ransomware targeting Taiwan healthcare organizations; those items do not appear connected to the UH Cancer Center incident beyond being ransomware-related.
1 months ago