Ransomware Shuts Mississippi Clinics, Cancels Surgeries

A sweeping ransomware incident has disrupted care across Mississippi, forcing clinic closures and the cancellation of elective surgeries tied to the University of Mississippi Medical Center. The academic medical center confirmed it disconnected key systems and shifted to manual workflows as investigators probe the scope of the breach and work to restore operations safely.

What Happened at UMMC During the Ransomware Outage

UMMC leadership said electronic health records and phone systems were taken offline as a precaution while teams validate the integrity of clinical networks. The move effectively shuttered all 35 of the health system’s clinics statewide and halted non-urgent procedures, with staff reverting to pen-and-paper for inpatient orders and documentation.

Administrators described the disruption as significant but controlled, emphasizing that isolating affected systems is essential to protect patient data and prevent further spread. Officials did not provide a specific timeline for full restoration and acknowledged they cannot reach every affected patient by text, email, or phone while communications remain constrained.

How Patient Care Was Disrupted Statewide Across Mississippi

The closures have ripple effects beyond Jackson. Community clinics rely on centralized scheduling, imaging, and lab systems that now require manual workarounds. While emergency departments and urgent cases generally continue under downtime procedures, the practical fallout includes postponed appointments, delayed test results, and longer wait times for rescheduling.

Hospitals practice for these scenarios, but paper processes are slower and prone to bottlenecks. Common safeguards—such as read-backs for verbal orders and limited access to prior records—help maintain safety but reduce throughput. Patient advocates recommend bringing medication lists, recent discharge paperwork, and photo ID to visits during outages to speed verification.

UMMC Investigation and the Evolving Healthcare Threat Landscape

UMMC said it is working with federal partners, including the FBI and the Department of Homeland Security. Such incidents often involve “double extortion,” where attackers both encrypt systems and threaten to leak stolen data. The scope of exfiltration, if any, has not been disclosed.

NPR first reported the breadth of the shutdown across Mississippi, and the episode mirrors a broader trend. CISA, the FBI, and the Department of Health and Human Services have repeatedly warned that healthcare remains a prime ransomware target because downtime endangers patients and organizations are under pressure to restore services quickly. Independent trackers such as BlackFog and Emsisoft have consistently found healthcare among the most targeted sectors.

Recent real-world examples underscore the risk. A pathology services breach in London forced the National Health Service to cancel or defer more than 1,000 procedures. In the United States, attacks on major providers—including incidents at Ascension and the Change Healthcare clearinghouse—have disrupted pharmacy claims, referrals, and hospital operations far beyond a single state.

Why Hospitals Are Vulnerable to Ransomware Disruptions

Health systems operate complex, interdependent networks: EHRs, imaging archives, lab information systems, pharmacy and billing all tie together. Many hospitals run a mix of modern cloud platforms alongside older on-premises systems and connected medical devices that are hard to patch. That blend creates broad attack surfaces and potential single points of failure.

Attackers typically enter via stolen credentials or phishing, then pivot laterally to disable backups and encrypt critical servers. The American Hospital Association has urged members to segment networks, enforce multifactor authentication everywhere (including remote access and vendor portals), and practice regularly for long-duration downtimes. HHS’s 405(d) Health Industry Cybersecurity Practices similarly emphasize basic controls—asset inventories, privileged access management, immutable backups, and rapid isolation playbooks—that can blunt the impact.

Cost pressures compound the challenge. Security budgets must contend with rising labor, supply, and technology expenses. Industry studies from IBM and others have repeatedly ranked healthcare breaches as the costliest, reflecting extensive recovery needs, regulatory reporting, and the potential for patient harm when clinical systems are impaired.

What Patients Should Do Now During UMMC System Outages

Patients with canceled visits or surgeries should monitor UMMC’s official channels and patient portals once available; call center capacity may be limited. Bring physical copies of medical histories and medication lists to any rescheduled appointment. If you recently received care, watch for notifications regarding data privacy—hospitals are obligated to inform patients if protected health information was accessed or acquired.

Experts also recommend placing fraud alerts with major credit bureaus if you suspect personal data exposure, and using identity monitoring if offered. Most importantly, seek urgent care if you experience worsening symptoms; hospitals can provide critical services even during IT outages, and clinicians are trained to operate safely under downtime protocols.

The Bottom Line on UMMC’s Ransomware Disruption in Mississippi

The ransomware attack that shut clinics and halted surgeries across Mississippi is a stark reminder that cybersecurity is now a direct patient safety issue. As UMMC and federal investigators work to restore systems and determine the extent of the intrusion, the incident reinforces a familiar lesson: resilient hospitals require not just firewalls and backups, but tested plans that keep care moving when the screens go dark.