UMMC Ransomware Attack Disrupts Healthcare Across Mississippi
A ransomware attack detected in the early hours of Thursday, February 19, 2026 has severely disrupted the University of Mississippi Medical Center (UMMC), forcing the health system to close all 35 of its statewide clinics and cancel elective procedures and surgeries. The attack brought down UMMC's critical EPIC electronic medical record (EMR) system, forcing staff to revert to pen-and-paper recordkeeping.
As of February 25, clinics across the state remain closed and elective procedures continue to be canceled while IT teams and external cybersecurity experts work to restore systems. The FBI has surged resources — both locally and nationally — into the incident.
| Attribute | Value |
|---|---|
| Target | University of Mississippi Medical Center (UMMC) |
| Attack Detected | February 19, 2026 |
| Systems Down | EPIC EMR, IT network infrastructure |
| Clinics Closed | 35 statewide health clinics |
| Services Cancelled | Elective procedures, outpatient appointments, surgeries |
| Emergency Services | Open — ED accepting patients |
| FBI Involvement | Yes — Special Agent in Charge Robert A. Eikhoff |
| Ransomware Group | Unknown (no claim as of Feb 25) |
What Happened
The ransomware attack was detected in the early hours of February 19 and rapidly spread across UMMC's network, impacting a wide range of IT systems. The EPIC EMR platform — used to manage patient records, scheduling, and clinical workflows — was taken offline, creating cascading disruptions across the health system.
Scope of Disruption
All 35 UMMC health clinics providing services ranging from cancer treatment to chronic-pain management were temporarily closed. Staff at affected facilities reverted to paper-based processes for in-patient care to ensure continuity of treatment for admitted patients.
What Remained Operational
UMMC officials confirmed that the emergency department remains open and is accepting patients. All clinical equipment and operations remain functional — only IT systems and patient records access were impacted.
FBI Response
An FBI agent attended UMMC's press conference, with Special Agent in Charge Robert A. Eikhoff confirming the Bureau is actively investigating. Eikhoff declined to provide specifics on the ransomware variant or attributing the attack to a specific threat group, stating the FBI is "surging resources, both locally and nationally, into this incident."
| Impact Area | Description |
|---|---|
| Clinical Operations | 35 clinics closed statewide |
| Surgical Services | Elective procedures and surgeries canceled |
| Patient Records | EPIC EMR offline — paper-based fallback in use |
| Emergency Care | Unaffected — ED remains open |
| Data | Under investigation — no confirmed exfiltration |
Recommendations
For Healthcare Organizations
- Ensure offline backups of EMR systems are tested and recoverable without touching network-connected infrastructure
- Implement network segmentation to prevent ransomware lateral movement between clinical and administrative systems
- Maintain paper-based downtime procedures that staff are trained on — UMMC's ability to continue inpatient care depended on this
- Conduct tabletop exercises simulating EMR outage to identify care continuity gaps before an incident
For Security Teams
- Prioritize patching EMR-connected systems and limit internet-exposed management interfaces
- Deploy EDR solutions with behavioral detection on healthcare endpoints
- Review third-party vendor access to clinical systems — initial access vectors in healthcare ransomware often involve supply chain or remote access tooling
Key Takeaways
- 35 clinics closed statewide — ransomware against healthcare systems has real consequences for patient access to care.
- EPIC EMR was the critical failure point — EMR platforms must be prioritized in healthcare cybersecurity planning.
- No ransomware group has claimed responsibility as of February 25, complicating attribution and negotiation timelines.
- The FBI is actively investigating with national resources, indicating the incident is viewed as critical infrastructure disruption.
- Paper-based fallback procedures allowed inpatient care to continue — a model other health systems should validate.
- Mississippi joins a growing list of states where healthcare ransomware attacks have created access-to-care crises in 2026.
Sources
- BleepingComputer: Mississippi medical center closes all clinics after ransomware attack
- NPR: Mississippi health system shuts down clinics statewide after ransomware attack
- Healthcare Dive: University of Mississippi Medical Center closes clinics amid ransomware attack
- HIPAA Journal: UMMC Shuts Clinics While it Grapples with Ransomware Attack
- Mississippi Free Press: Surgeries Canceled, Clinics Closed After UMMC Suffers Ransomware Attack