Mallory

Medusa Ransomware Claims University of Mississippi Medical Center Attack

Tags: ransomware-group-operation, healthcare-sector-threat, operational-disruption, underground-data-leak, data-exfiltration-method
Updated March 21, 2026 at 05:46 AM | 2 sources

University of Mississippi Medical Center (UMMC) is facing an extortion threat after the Medusa ransomware gang claimed responsibility for the February cyberattack that disrupted hospital operations and forced staff to rely on paper processes and other offline workarounds. The incident affected one of Mississippi’s most critical healthcare providers, with hospitals and emergency departments remaining open while 35 clinic locations were closed; recovery involved assistance from the FBI and Department of Homeland Security, and full reopening was reported on March 2.

Medusa later posted on its leak site that it had stolen data from UMMC and demanded $800,000, with a deadline of March 20. Reporting indicates the gang offered multiple extortion options, including paying to delete the data, buying the allegedly stolen information, or paying a smaller amount to extend the deadline. Screenshots were published as purported proof of theft, but UMMC had not confirmed that sensitive patient or enterprise data was actually exfiltrated, and the size and scope of the alleged data set remained unclear at the time of reporting.

Timeline

  1. Mar 18, 2026

    Dark web post offers alleged UMMC data for sale

    By March 18, 2026, reporting indicated that data allegedly stolen from UMMC had been posted on the dark web for sale for $800,000. Researchers said Medusa's post included screenshots as purported proof, though the scope and contents of the data remained unclear.

  2. Mar 17, 2026

    Medusa claims attack on Passaic County, New Jersey

    By March 17, 2026, Medusa had also claimed responsibility for a separate attack on Passaic County, New Jersey. The county had disclosed a malware incident that disrupted phone lines and government IT systems.

  3. Mar 17, 2026

    UMMC confirms ransomware incident as recovery continues

    By mid-March 2026, UMMC had confirmed the ransomware incident but said it had not confirmed whether sensitive patient or other data was accessed or exfiltrated. The FBI and Department of Homeland Security were assisting with the response and recovery effort.

  4. Mar 12, 2026

    Medusa claims UMMC attack and demands $800,000

    On March 12, 2026, the Medusa ransomware gang claimed responsibility for the UMMC attack on its leak site. The group said it had stolen data from across the health system's network, demanded an $800,000 ransom, and set a March 20 deadline before publication.

  5. Feb 19, 2026

    Ransomware attack hits University of Mississippi Medical Center

    On February 19, 2026, the University of Mississippi Medical Center suffered a ransomware attack that caused a nine-day outage. The incident forced staff to use offline and paper-based processes, closed 35 clinic locations, and disrupted services including the cancer infusion center while hospitals and emergency departments remained open.

Related Stories

University of Mississippi Medical Center Ransomware Attack Disrupts Epic EHR and Statewide Clinics

The **University of Mississippi Medical Center (UMMC)** restored normal operations after a major **ransomware attack** that disrupted IT systems for roughly nine days, including loss of access to **electronic medical records** and impacts to patient care across the state. The incident forced UMMC to cancel outpatient procedures, ambulatory surgeries, and imaging appointments, while hospitals and emergency departments continued operating using manual *downtime procedures*; phone communications were also affected. UMMC reported restoring access to patient records and reopening clinics with extended hours to address the backlog. Officials said they were **communicating with the attackers** and working with the **FBI** and **CISA** during the response and investigation. As of the latest reporting, **no ransomware group has claimed responsibility**, and there was **no confirmed evidence of data exfiltration** disclosed in official statements.

1 month ago

University of Mississippi Medical Center Ransomware Attack Disrupts Epic EHR and Forces Statewide Clinic Closures

The **University of Mississippi Medical Center (UMMC)** reported a **ransomware attack** that knocked multiple IT systems offline, including access to its *Epic* electronic health record (EHR) platform, triggering the organization’s emergency operations plan. The disruption forced UMMC to **close all 35 clinics statewide** and **cancel outpatient, elective, and clinic procedures**, while hospital and emergency services remained open under contingency operations. UMMC stated the attackers have been in communication and that it is working with external specialists and law enforcement; the **FBI is investigating** and warned the duration of the outage was unknown at the time of reporting. Separate reporting also described a different municipal incident in **Meriden, Connecticut**, where officials took city internet services and public Wi‑Fi offline after an attempted disruption; emergency services were reported as unaffected and the city said it would conduct a comprehensive review before restoring service.

1 month ago

Medusa Ransomware Attack and Data Breach at SimonMed Imaging

SimonMed Imaging, one of the largest outpatient medical imaging providers in the United States, experienced a significant data breach following a ransomware attack by the Medusa group. The incident resulted in unauthorized access to SimonMed’s systems between January 21 and February 5, 2025, as confirmed by both company statements and regulatory filings. The breach was initially discovered on January 27, 2025, after a vendor notified SimonMed of a security incident, prompting an immediate internal investigation. The attackers reportedly stole approximately 200 GB of data, impacting over 1.2 million individuals whose sensitive information was exposed. SimonMed Imaging provides a wide range of diagnostic services, including MRI, CT, X-ray, ultrasound, mammography, PET, nuclear medicine, bone density, and interventional radiology, and operates around 170 medical centers across 11 states. The compromised data includes names, addresses, birth dates, dates of service, and provider names, with the potential for even more sensitive medical information to have been accessed, given the nature of the business. In response to the breach, SimonMed took several remediation steps, such as resetting passwords, strengthening multi-factor authentication, implementing enhanced endpoint detection and response monitoring, removing direct vendor access, and restricting network traffic to trusted connections. The company also engaged data security and privacy professionals and notified law enforcement authorities. As of October 10, 2025, SimonMed stated there was no evidence that the stolen information had been misused for identity theft or fraud. The company emphasized that the investigation is ongoing to determine the full scope of the data affected. The breach highlights the persistent threat of ransomware attacks targeting healthcare organizations, which often store large volumes of sensitive patient data. 
SimonMed’s swift response included notifying affected individuals and regulatory bodies, as required by law. The Medusa ransomware group’s involvement underscores the increasing sophistication and impact of cybercriminal operations against critical healthcare infrastructure. The incident has raised concerns about third-party vendor security, as the initial alert came from an external partner experiencing its own security issues. SimonMed’s annual revenue exceeds $500 million, and the scale of this breach is among the largest in the healthcare sector for 2025. The company continues to monitor for any signs of misuse of the compromised data and is providing support to affected individuals. This event serves as a stark reminder of the importance of robust cybersecurity measures and incident response planning in the healthcare industry.

1 month ago
