University of Mississippi Medical Center Ransomware Attack Shuts Down All Clinics Statewide

University of Mississippi Medical Center (UMMC) closed all 35 clinics across Mississippi after a ransomware attack hit its IT systems. The incident disrupted Epic electronic medical records access and forced cancellation of outpatient surgeries, imaging, and procedures. Hospital inpatient care and emergency services continue using manual downtime procedures.

UMMC employs over 10,000 workers and runs Mississippi’s only children’s hospital, Level I trauma center, organ transplant program, and Telehealth Center of Excellence. The attack occurred Thursday, prompting activation of the Emergency Operations Plan. Officials shut down all network systems for risk assessment. In-person classes remain unaffected.

UMMC confirmed direct communication with ransomware operators during Thursday’s press conference. Dean LouAnn Woodward said clinical equipment functions normally with no patient safety impact. Associate Vice Chancellor Dr. Alan Jones emphasized safe care delivery via paper procedures. The FBI and CISA assist investigation.

UMMC Twitter status: “We have activated our Emergency Operations Plan and are working with authorities including the FBI and Homeland Security.”

We have activated our Emergency Operations Plan and are working with authorities including the FBI and Homeland Security, who are helping us to evaluate this situation and determine next steps. (2/3)

— The University of Mississippi Medical Center (@UMMCnews) February 19, 2026

UMMC Facility Impact Table

Service Type	Status	Reason
All 35 Clinics	Closed statewide	IT systems offline
7 Hospitals (inpatient)	Operational (manual)	Downtime procedures
Emergency Departments	Fully functional	Clinical equipment works
Outpatient Surgeries	Cancelled	EMR access blocked
Imaging Appointments	Cancelled	Epic systems down
Telehealth (200+ sites)	Suspended	Network shutdown

Patient safety priority maintained.

Canceled Services List

Impact hits thousands of patients:

• Ambulatory surgeries and procedures.
• Diagnostic imaging (X-ray, MRI, CT).
• Routine clinic appointments.
• Telehealth consultations.
• Outpatient specialty visits.

Rescheduling begins post-recovery.

Responding Agencies

Federal partners engaged immediately:

• FBI cyber division leads criminal investigation.
• CISA provides ransomware expertise.
• Homeland Security coordinates response.

UMMC evaluates full system impact.

Operational Continuity Measures

Manual procedures sustain care:

• Paper charts replace Epic EMR.
• Clinical equipment independent of networks.
• Emergency departments fully staffed.
• Supply chain unaffected.
• Academic schedule normal.

No patient harm reported.

Press Conference Quotes

UMMC leaders addressed media:

• LouAnn Woodward (Dean): “Attackers have communicated. Timeline unknown.”
• Dr. Alan Jones: “All equipment works. Patients cared for safely.”

Direct operator contact confirmed ransomware.

Patient Communication Steps

UMMC notifies affected individuals:

• Cancellation calls/emails sent Thursday.
• Appointment rescheduling post-recovery.
• Emergency care access maintained.
• Billing holds during downtime.

Website remains inaccessible.

Healthcare Ransomware Patterns

UMMC attack follows trend:

• Epic systems prime targets.
• Clinic closures common outcome.
• Manual procedures standard response.
• Negotiations typical first step.
• Data theft likely occurred.

No group claimed responsibility.

Recovery Timeline Factors

Restoration depends on:

• Full network risk assessment.
• Backup validation and restoration.
• Negotiations with operators.
• FBI/CISA threat intelligence.
• EMR data integrity verification.

Days to weeks expected.

Immediate Impacts

Stakeholder Group	Disruption Level
Clinic Patients	High (all cancelled)
Hospital Patients	Low (manual procedures)
Staff	High (systems offline)
Students	None (classes continue)
Mississippi Healthcare	Significant capacity loss

State’s largest employer disrupted.

FAQ