Cyber Incident Victim: University of Mississippi Medical Center

The University of Mississippi Medical Center (UMMC) suffered a ransomware attack that began on Thursday, February 19, 2026, compromising its IT network and critical systems, including the Epic electronic health records platform. In immediate response, UMMC leadership took the precautionary step of taking all network systems offline to contain the incident and prevent further damage, a decision described by Vice Chancellor for Health Affairs LouAnn Woodward as having "stopped the bleeding." This action forced the closure of all 35 outpatient clinics statewide, leading to the cancellation of all scheduled appointments, including chemotherapy and elective procedures, while hospitals and emergency departments in Jackson, Grenada, Madison County, and Holmes County remained operational using established "downtime procedures." These procedures required staff to revert to paper documentation, pen-and-paper processes, and fax machines for patient care, as digital charting and tracking systems were unavailable. Woodward stated that the extent and scope of the intrusion were still not fully understood within the first 24 hours, and the attackers had already communicated with hospital officials. UMMC activated its Emergency Operations Plan and announced it was working closely with law enforcement, specifically the FBI and the Department of Homeland Security (DHS), to investigate and respond. FBI Special Agent in Charge Robert Eikhoff confirmed the agency was surging resources nationally and locally to assist UMMC and its vendors in understanding the attack's full extent and restoring systems.

The attack's impact on patient care was significant and widespread, with outpatient services completely halted for several days. Clinics were officially closed on Monday, February 23, and Tuesday, February 24, with appointments rescheduled where possible, while hospital officials worked to prioritize ongoing, time-sensitive care. The disruption overwhelmed the medical center's telephone lines and created confusion among patients seeking care, with individuals expressing their difficulties publicly online. By February 25, UMMC announced it was making "significant progress" in responding to the attack and restoring systems, but the organization was still struggling to return to normal operation, and regularly scheduled clinic appointments and elective procedures remained cancelled at least through February 27. Throughout the incident, it remained unclear whether any employee or patient data had been stolen, and the identity of the responsible threat actor group was not known. The ransomware attack occurred coincidentally on the same day an episode of HBO's "The Pitt" featuring a fictional hospital ransomware plot aired, drawing expert comparisons between the show's depiction of operational chaos and UMMC's real-world reliance on analog processes. UMMC's leadership consistently emphasized that restoring safe, full-scale operations was the top priority, with Woodward promising the institution would be "back up and running full steam ahead" as quickly as possible, while acknowledging the complex challenge of assessing and securing systems before bringing them back online.