Campus Alert Archive
UMMC

Medusa Ransomware Closes 35 UMMC Clinics Statewide for Nine Days, Demands $800K

MSinfrastructure failureadvisorymedium confidence
Confirmed Threat

In the early hours of Thursday, February 19, 2026, the University of Mississippi Medical Center detected a ransomware attack that encrypted its EPIC electronic health record system and took phone lines, email, and patient record access offline across its statewide network. All 35 of UMMC's outpatient clinics closed and elective surgeries were canceled, forcing staff to resort to pen and paper for nine days. The Medusa ransomware group later claimed responsibility, demanding $800,000 and threatening to publish 1 TB of exfiltrated patient and research data.

Alerts
3
Response
Killed
0
Injured
0
Institution
University of Mississippi Medical Center
Public R1 · MS
~3,500 studentsAlert U
Confirmed Timeline

Alert Sequence

3 messages in sequence

Some alert texts below are approximate reconstructions from news coverage, not confirmed verbatim transcripts. Reconstructed texts are shown in italic with a dashed border. Verified verbatim texts have a solid border and are marked accordingly.

INITIAL ALERTEmail
Approximate reconstruction512 chars
UMMC has experienced a cybersecurity incident that has impacted our network and many of our IT systems. As a precautionary measure, we have taken affected systems offline to contain the incident. All clinic appointments scheduled for today and the remainder of the week are canceled. Hospital and emergency department operations continue. In-person classes for students are proceeding as scheduled. We are working with cybersecurity experts and law enforcement and will provide updates as the situation develops.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

UMMC's announcement that student in-person classes would continue while clinic operations shut down illustrated the administrative and clinical sides operating on separate systems.
The immediate cancellation of all clinic appointments -- 35 locations statewide -- was the largest single-day clinic closure in Mississippi healthcare history.
UPDATEEmail
Approximate reconstruction488 chars
Clinic closures will continue through next week as our teams work to restore systems. The kidney dialysis clinic at Jackson Medical Mall remains open with scheduled appointments proceeding. Hospital patient care is continuing; our emergency department remains open. Clinical staff are using paper records for patients currently in our care. All clinical equipment and life-sustaining systems remain operational. The FBI and cybersecurity forensics experts are assisting our investigation.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The carve-out for dialysis reflects the life-critical nature of that service; missing a dialysis appointment carries immediate health risk in a way that most outpatient visits do not.
The phrase 'clinical equipment and life-sustaining systems remain operational' was a standard reassurance deployed to prevent patient panic and media alarm.
ALL CLEAREmail
Approximate reconstruction416 chars
UMMC is pleased to announce that our clinics across the state will reopen today, Monday, March 2, 2026. Access to our EPIC electronic health record system has been restored. Patients with canceled appointments are being contacted to reschedule. Our MyChart patient portal access will be restored in the coming days. We thank our patients, students, faculty, and staff for their patience during this difficult period.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Nine days of clinic closure across 35 Mississippi locations represents one of the longest healthcare ransomware disruptions in a medically underserved state.
The delayed restoration of MyChart patient portal access -- a consumer-facing system -- reflects the layered complexity of EHR ecosystem recovery.
Context

Background

The UMMC ransomware attack on February 19, 2026 was detected in the early hours of the morning when IT staff noticed suspicious activity on the network. The attack encrypted the institution's EPIC electronic health record platform and took phone lines, email, and web-based patient scheduling offline simultaneously across UMMC's statewide footprint, which includes the main Jackson campus, a children's hospital, and dozens of outpatient specialty clinics across Mississippi. All 35 outpatient clinics closed and elective surgeries were canceled for nine days, forcing nurses and physicians to revert to pen-and-paper documentation for patients currently admitted. The emergency department and hospital inpatient units remained open throughout. The Medusa ransomware group claimed credit in mid-March, demanding $800,000 and threatening to publish 1 TB of exfiltrated data by March 20. UMMC reportedly offered $550,000, which Medusa rejected. The nine-day closure caused an estimated 20 percent drop in revenue due to delayed patient care. In May 2026, a local TV investigation found that UMMC may have violated federal HIPAA breach notification requirements by not promptly informing affected patients. UMMC's Alert U emergency notification system, which serves the health sciences students, staff, and patients on campus, was used to communicate the ongoing situation.
Analysis

Key Findings

Medusa ransomware attack detected early morning February 19, 2026, encrypting EPIC EHR and taking phone and email offline.
All 35 UMMC outpatient clinics statewide closed for nine days; only the dialysis clinic at Jackson Medical Mall remained open.
Hospital emergency department and inpatient care continued throughout; clinical equipment remained functional.
Medusa demanded $800,000 ransom threatening to leak 1 TB of data; UMMC offered $550,000, rejected.
Estimated 20 percent revenue drop; HIPAA notification compliance questioned in May 2026 reports.
Outcome
Clinics reopened on March 2, 2026, after EPIC EHR access was restored. Medusa claimed 1 TB of exfiltrated data and posted a ransom demand of $800,000. UMMC offered $550,000, which was rejected. The attack caused an estimated 20 percent revenue drop. In May 2026, reports emerged that UMMC may have violated HIPAA notification requirements.
Provenance

Sources

  1. News
    Mississippi medical center closes all clinics after ransomware attack -- BleepingComputer
    bleepingcomputer.com
  2. News
    Mississippi health system shuts down clinics statewide after ransomware attack -- NPR
    npr.org
  3. News
    UMMC Shuts Clinics While it Grapples with Ransomware Attack -- HIPAA Journal
    hipaajournal.com
  4. News
    Expert says UMMC could face weeks to months of recovery after cyberattack -- Mississippi Today
    mississippitoday.org
  5. News
    Medusa ransomware gang claims attack on UMMC -- The Record / Recorded Future
    therecord.media
  6. News
    University of Mississippi Medical Center reopens clinics after ransomware attack -- Cybersecurity Dive
    cybersecuritydive.com
Tags
ransomwaremedusahealthcareacademic-medical-centerehrclinic-closureinfrastructure-failuremississippi2026
Added May 2026Updated May 2026Via ingestion