University of Mississippi Medical Center Closes Clinics After Ransomware Attack

The clinics initially shut down on Thursday after the cyberattack hit the academic medical center.

The University of Mississippi Medical Center (UMMC) has closed its clinics across Mississippi through Tuesday following a ransomware attack that disrupted operations and took its Epic electronic health record (EHR) system offline.

The clinics initially shut down on Thursday after the cyberattack hit the academic medical center. In a statement issued Saturday, UMMC confirmed the closures would continue through Tuesday. Hospital facilities and emergency departments in Jackson, Grenada, Madison County, and Holmes County remain open.

Clinic appointments and elective procedures are being rescheduled where possible. The health system said it is prioritizing patients requiring time-sensitive care, including chemotherapy.

UMMC operates seven hospitals and is the state’s only academic medical center. According to a Friday statement, the organization is working with federal authorities, including the Federal Bureau of Investigation, along with national cybersecurity experts to investigate and respond to the breach.

The ransomware attack restricted access to core digital systems, including phone and email services. UMMC said it is using a third-party vendor to maintain communication with patients during the disruption.

For inpatient services, the medical center has shifted to downtime procedures. Care documentation and physician orders are being handled on paper while digital systems remain offline. Dr. LouAnn Woodward, UMMC’s vice chancellor for health affairs, said in a statement Friday that the organization had contained the immediate impact of the attack but was still assessing the full extent of the intrusion.

Ransomware attacks, which encrypt systems and demand payment for restored access, continue to disrupt healthcare providers nationwide. Such incidents can delay care delivery, force diversion of emergency cases, and expose sensitive patient data.

Recovery timelines vary widely across the sector. According to a 2024 survey by cybersecurity firm Sophos, only 22% of healthcare organizations fully recovered from a ransomware attack within a week, while nearly 40% required more than a month to return to normal operations.

UMMC has not disclosed whether patient data was compromised. Investigation and system restoration efforts remain ongoing.

Stay tuned for more such updates on Digital Health News