Additional Coverage:
Ransomware Attack Forces Mississippi Medical Center to Halt Services, Raising National Cybersecurity Concerns
Jackson, MS – One of Mississippi’s largest healthcare systems, the University of Mississippi Medical Center (UMMC), has been forced to close clinics statewide and cancel elective procedures following a ransomware attack. The digital disruption, which began on Thursday, has prompted a multi-day shutdown, significantly impacting patient care and highlighting the persistent cybersecurity vulnerabilities within the nation’s medical facilities.
The attack has affected all 35 of UMMC’s health clinics, which provide a broad spectrum of services, from cancer treatment to chronic-pain management. Doctors at UMMC are currently relying on pen and paper for patient care, as their access to electronic health records systems has been compromised. Emergency rooms, however, remain operational, with UMMC staff trained for service delivery during computer outages.
“We do not know how long this situation may last,” stated LouAnn Woodward, UMMC Vice Chancellor, during a Thursday press conference. “As a precaution, all of our IT systems have been taken down, and a risk assessment will be conducted before we bring things back up.”
The FBI has responded to the incident, with a top official confirming that the bureau is “surging resources both locally and nationally.” Federal authorities, including officials from the Department of Health and Human Services, have been closely monitoring the situation since Thursday.
The financial implications of the outage and canceled surgeries could be substantial for UMMC, whose $2 billion budget accounts for two percent of Mississippi’s economy.
Ransomware attacks have become an unfortunate reality for hundreds of healthcare organizations across the U.S. in recent years. These attacks often involve hackers locking or stealing data and then demanding payment, leading to delayed medication distribution, compromised patient safety, and billions of dollars in economic losses. While it remains unclear if a ransom demand has been made in the UMMC incident, hospitals are often vulnerable to such extortion due to the urgent need to restore critical care functions.
“The attackers have communicated to us and we’re working with the authorities and the specialists on next steps,” Woodward informed reporters.
John Riggi, National Advisor for Cybersecurity and Risk at the American Hospital Association, emphasized the growing threat. “Ransomware attacks targeting US hospitals and health care continue to increase at a very concerning rate,” Riggi said, speaking generally about the issue.
“Any cyberattack which disrupts or delays health care delivery, poses a risk to patient and community safety. This is especially so in rural areas where the next nearest available hospital or trauma center may be over 100 miles away.”
Beyond the immediate crisis, there are broader concerns within the U.S. healthcare sector regarding potential cyber blowback from international geopolitical tensions. While there is no indication that Iran is responsible for the Mississippi attack, Iranian hackers have been linked to past cyberattacks on U.S. health organizations. Cyber specialists are reportedly preparing for a possible increase in hacks should the U.S. military take action against Iran.
“We are keeping an elevated threat level and watching this Iran situation for potential impacts,” shared a cyber expert specializing in healthcare, who requested anonymity due to not being authorized to speak to the press.