A UMMC cyberattack has disrupted operations at the largest academic health science center in Jackson, Mississippi. The incident forced the shutdown of critical information technology systems, the closure of clinics across the state, and the cancellation of numerous medical procedures.
Hospital officials confirmed Thursday that multiple IT systems, including the electronic medical records platform, were taken offline following a cyberattack on UMMC. As a result, outpatient and ambulatory surgeries and procedures, along with imaging appointments, were canceled. All UMMC clinics statewide were also closed, leaving providers unable to access patients’ digital medical records.
Despite the widespread outages, services for patients already inside UMMC hospitals have continued under what administrators described as “downtime procedures,” which allow medical staff to provide care without relying on electronic systems.
The University of Mississippi Medical Center employs more than 10,000 people, serves over 70,000 patients annually, and operates 35 clinics across Mississippi. Given its size and reach, the UMMC cyberattack has had an immediate and far-reaching impact.
Emergency Response Activated After Cyberattack on UMMC
During a recent press conference, UMMC leaders said they activated their emergency operations plans in response to the cyberattack on UMMC. Federal authorities are assisting in the investigation, including the Federal Bureau of Investigation, the United States Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency.
Officials revealed that the attackers “have communicated to us,” adding that the medical center is working with authorities to determine the next steps. As a precaution, administrators shut down all IT systems.
In a second statement, UMMC officials said: “UMMC clinics statewide will again be closed tomorrow, Friday, Feb. 20, and elective procedures are cancelled. Appointments will be rescheduled. One exception is the dialysis clinic at the Jackson Medical Mall, which is operational and open for scheduled appointments.” The dialysis clinic is located at the Jackson Medical Mall.
Officials added that the disruption caused by the UMMC cyberattack is expected to be a multi-day event. Hospitals and Emergency Departments will remain open unless otherwise communicated. In-person classes are continuing as scheduled, though online classes were canceled Feb. 20.
“We are sorry for this disruption, and we are working diligently to restore our systems and services as soon as possible,” UMMC officials said.
Patient Data Concerns Following UMMC Cyberattack
The cyberattack on UMMC has raised concerns about the potential exposure of sensitive patient information. Because UMMC is the largest hospital system in the state, the effects could extend well beyond Jackson.
James Phipps, a cybersecurity expert who works with medical facilities across Mississippi, explained how incidents like the UMMC cyberattack can unfold.
“They’re attacking your firewall, they’re looking for any vulnerabilities. If you have an employee on staff who opens up an e-mail, spam e-mail, they can get in that way. There are several different attack vectors that hackers use,” Phipps said.
According to Phipps, cybercriminals are often less interested in clinical data such as X-rays or blood test results and more focused on personal identifying information tied to medical records.
“They’re going after their demographic data most of the time,” Phipps continued. “So they can have billing records, social security numbers, all of that they can use elsewhere to, you know, change their identity, steal your identity.”
How the University of Mississippi Medical Center’s Interconnected System Could Be Affected
The structure of healthcare delivery in Mississippi adds another layer of concern. Hospitals and clinics frequently exchange patient information through referrals, meaning the impact of the UMMC cyberattack could ripple across interconnected systems.
“In Mississippi, the hospitals and clinics can be interconnected. You have referrals. A doctor can refer you to a doctor who’s a specialist, and the referring clinic may have information about that patient that’s being transferred back and forth,” Phipps explained.
As investigators work to determine what specific information, if any, was breached in the cyberattack on UMMC, patients are being advised to monitor their financial accounts. Phipps recommended checking bank statements for unusual charges and reporting suspicious activity immediately.
At this stage, officials have not disclosed the full scope of the breach or confirmed whether patient data was accessed. The University of Mississippi Medical Center continues working with federal authorities to investigate the UMMC cyberattack and restore affected systems. Further updates are expected as more details become available.
