JACKSON, Miss. (WLBT) – The University of Mississippi Medical Center may have violated federal privacy law following a ransomware attack that crippled its systems in February, according to a 3 On Your Side investigation.
Federal law gives hospitals 60 days to tell the government and their patients when a cyberattack exposes private data. That deadline passed more than a month ago.
The February ransomware attack crippled systems at the hospital for nine days. Under HIPAA, hospitals must notify the Department of Health and Human Services, affected patients and local media within 60 days when an attack exposes personal information of more than 500 patients…