TL;DR: The University of Mississippi Medical Center got hit by ransomware on February 19, 2026. All 35 clinics statewide closed. Seven hospitals running on "downtime procedures": meaning doctors are using pen and paper. Chemotherapy appointments canceled. Elective surgeries postponed indefinitely. Epic electronic health records offline. The attackers made contact. The FBI has specialized teams on site. No one knows when systems will be restored, or whether patient data was stolen.
What Happened
At some point in the early hours of Thursday, February 19, 2026, ransomware operators breached the University of Mississippi Medical Center's network. They hit the jackpot: UMMC runs seven hospitals, 35 clinics, and over 200 telehealth sites across the state [1].
By Thursday morning, the damage was clear. Epic, the electronic health records system that doctors rely on for patient histories, medications, allergies, test results, was down. Phone systems were affected. IT staff took everything offline to stop the spread [2].
UMMC activated its Emergency Operations Plan and called in the FBI, Homeland Security, and three national cybersecurity vendors specializing in forensics and recovery [1].
The Patient Impact
This isn't abstract. Real people are being affected right now:
- All 35 clinics closed statewide, from cancer treatment centers to chronic pain management [1]
- Chemotherapy appointments canceled: treatment delays can be life-threatening [3]
- Elective surgeries postponed indefinitely. "Elective" includes things like tumor removals that aren't immediately fatal but can't wait forever [1]
- Doctors working blind: no access to patient histories, medication lists, or test results. Just pen and paper [2]
- Emergency services running on backup: hospitals remain open, but with severely limited capabilities
UMMC is the state's only Level I trauma center and the primary teaching hospital. This isn't a regional clinic. It's the medical backbone of Mississippi.
What We Know So Far
UMMC Vice Chancellor LouAnn Woodward held a press conference on Thursday afternoon. Her statement: "To use a medical phrase, we have stopped the bleeding. And while we know much more now than we did 24 hours ago, the extent and the scope of the intrusion is still not fully understood" [3].
The attackers have made contact with UMMC. The hospital is "working with authorities and specialists on next steps" [1]. Translation: they're negotiating, or at least listening to demands.
The ransomware group hasn't been publicly identified. UMMC isn't saying whether patient data was accessed or stolen. That answer may take weeks.
Mississippi's Fourth Hospital Attack in Three Years
This is the fourth ransomware attack to hit Mississippi hospital systems since 2023 [4]. The state's healthcare infrastructure keeps getting hammered:
- Healthcare systems across the state have been repeatedly targeted
- Rural hospitals with fewer security resources are especially vulnerable
- Mississippi's healthcare is already strained, and this makes it worse
Ransomware gangs know hospitals are soft targets. They operate on thin margins. They can't afford dedicated security teams. And they can't just "turn off the internet" when patients need care.
FBI Surging Resources
FBI Special Agent Robert Eikhoff confirmed the bureau is "surging resources, both locally and nationally, into this incident" [3]. Specialized cyber teams are on site. But there's only so much the FBI can do. Most ransomware gangs operate from Russia or other countries that don't extradite hackers.
Even if investigators identify the attackers, arrests are unlikely. The best-case scenario is system restoration and determining what data was compromised. Justice is secondary.
Was Your Data Stolen?
If you've ever been treated at UMMC or any of its 35 clinics, your medical records may have been accessed. We don't know yet. UMMC says it's "too early to tell" whether patient data was compromised [2].
If it follows the pattern of recent healthcare ransomware attacks, attackers likely exfiltrated data before encrypting systems. That's the new playbook: steal first, encrypt second. Even if UMMC doesn't pay the ransom, patient records could end up on dark web forums.
Medical records are valuable. They contain:
- Social Security numbers
- Addresses and contact information
- Insurance details
- Full medical histories: diagnoses, medications, mental health records
- Payment information
A complete medical record sells for more than a credit card number on criminal marketplaces. It enables insurance fraud, prescription fraud, and identity theft that can take years to untangle.
What UMMC Patients Should Do Now
Watch for Notifications
UMMC is required under HIPAA to notify affected patients if data was breached. But this can take 60 days or more. Don't wait.
Freeze Your Credit
If attackers have your SSN and personal details, they can open accounts in your name. Freeze your credit at Equifax, Experian, and TransUnion now.
Monitor Insurance Statements
Check Explanation of Benefits statements for services you didn't receive. Medical identity theft often shows up as phantom claims.
Request Your Records
Under HIPAA, you have the right to request your medical records. Once systems are restored, request them and check for unfamiliar entries.
The Bigger Picture
This is what the healthcare ransomware epidemic looks like in practice. In 2025 alone, ransomware gangs launched 293 attacks on hospitals and clinics, exposing 44.3 million patients' medical records [5].
Predictions for 2026: 40% of health systems will be hit. 60% of hospitals will experience care disruptions. UMMC is just the latest victim.
Until there are real consequences (mandatory security standards, international prosecution of ransomware gangs, actual penalties for healthcare organizations that don't protect patient data) this will keep happening.
Mississippi's largest medical system is running on pen and paper. Cancer patients are missing chemo. Surgeries are canceled. And somewhere, the attackers are waiting for a payout.
References
- NPR – Mississippi health system shuts down clinics statewide after ransomware attack
- Mississippi Today – UMMC computer systems down after cyberattack
- CNN – Major cyberattack forces closure of clinics across Mississippi
- WLBT – UMMC cyberattack is fourth to hit Mississippi hospital systems in three years
- State of Surveillance – Healthcare Ransomware Epidemic: 44 Million Patients Exposed in 2025