A ransomware attack struck the University of Mississippi Medical Center (UMMC) on February 19, 2026, in Jackson, Mississippi. Hackers deployed ransomware that compromised the hospital network’s IT systems, including the electronic medical records platform Epic. UMMC officials detected the intrusion early that morning and immediately took the entire computer network offline to contain the damage and prevent further spread.
The attack forced UMMC to shut down operations across its network:
- All 35 outpatient clinics statewide closed immediately.
- Elective surgeries and procedures scheduled for February 19, 20, and beyond faced cancellation.
- Imaging appointments, routine check-ups, cancer treatments, and chronic pain management sessions halted.
- Emergency services continued at the main Jackson campus, but staff relied on paper records, manual orders, and phone communications.
UMMC serves as Mississippi’s only academic medical center and largest public hospital system. It provides care to patients across the entire state through its main facility in Jackson and the network of 35 clinics in various locations. The system handles complex cases, including pediatric oncology, organ transplants, and specialized surgeries. When the ransomware locked systems, clinicians lost instant access to patient histories, lab results, medication lists, and imaging scans stored electronically.
Hospital leadership confirmed the incident as ransomware within hours. They notified law enforcement, including federal agencies, and began forensic investigation with cybersecurity experts. No specific ransomware group publicly claimed responsibility in initial reports, but the pattern matched typical healthcare-targeted attacks: encryption of critical systems followed by demands for payment in cryptocurrency.
Recovery efforts started immediately. UMMC assembled incident response teams to:
- Assess the breach scope and determine if patient data was exfiltrated.
- Restore systems from backups and isolate clean systems.
- Test systems for safety before resuming normal clinic operations by early March.
Patients faced direct consequences. Children with cancer experienced delays in critical tests, such as bone marrow procedures. Adults with chronic conditions missed scheduled treatments. Families reported driving long distances only to find clinics shuttered and appointments voided without advance notice in many cases. UMMC set up a triage phone line (601-815 number) for patients to seek guidance, but overload limited effectiveness. Social media posts from the hospital provided the primary updates on status.
The incident exposed ongoing vulnerabilities in U.S. healthcare cybersecurity. Ransomware attacks on hospitals increased steadily, with healthcare remaining the most targeted sector in early 2026 disclosures. Experts noted that medical records hold high value on the dark web due to their detail and difficulty in replacement. A single breach can expose identities, diagnoses, insurance details, and treatment histories for identity theft or fraud.
John Riggi from the American Hospital Association stated:
“Ransomware incidents targeting hospitals continued at a concerning rate.”
He emphasized the growing dependency on networked technology for care delivery and the risks when systems go offline for extended periods. Recovery from such attacks often takes weeks to months, as organizations verify data integrity and rebuild trust in restored networks.
UMMC’s reliance on Epic, a widely used electronic health records system, highlighted a common point of failure. When the network went down, staff reverted to pen-and-paper processes, slowing care and increasing error risks. This manual fallback strained resources in an already understaffed system serving a rural and underserved state like Mississippi.
Broader implications reached beyond Mississippi. The attack raised alarms about regional healthcare resilience. Mississippi’s population depends heavily on UMMC for advanced care unavailable locally. Disruptions forced transfers or delays that risked patient outcomes in time-sensitive cases. Federal officials monitored the incident closely, as healthcare cyberattacks threaten national critical infrastructure.
Investigators examined entry methods, noting common vectors in similar attacks:
- Phishing emails or compromised credentials.
- Unpatched software vulnerabilities without multi-factor authentication.
Financial pressure mounted. UMMC operates as a public entity with limited reserves. Canceled elective procedures reduce revenue, while emergency care continues at higher resource cost. Ransomware demands, though rarely paid publicly by U.S. hospitals due to policy and law enforcement guidance, add uncertainty. The group behind the attack likely sought millions, following patterns seen in prior healthcare breaches.
Cybersecurity experts warned that healthcare providers must assume persistent threats. Medical data remains a prime target because attackers know hospitals cannot afford prolonged downtime. Patient safety hangs in the balance when systems fail. Calls increased for mandatory federal standards on backups, segmentation, and rapid recovery capabilities.
The February 19, 2026, ransomware attack on UMMC disrupted essential medical services across Mississippi and exposed the fragility of digital healthcare infrastructure in the face of determined cybercriminals.
This attack underscores the urgent need for stronger defenses against ransomware in every U.S. hospital network.
