Medusa Ransomware Hits Mississippi Healthcare System, Disrupts Operations

What happened

The Medusa ransomware group claimed responsibility for a cyberattack on the University of Mississippi Medical Center (UMMC) that caused widespread disruption across the organization’s systems. The attack, which occurred in late February 2026, forced the healthcare provider to operate offline for nine days, with staff reverting to manual processes such as paper records and improvised workflows. Multiple systems, including those supporting clinics, were affected, leading to the closure of dozens of outpatient facilities while hospitals and emergency services remained operational. The attackers later demanded an $800,000 ransom and threatened to leak stolen data if payment was not made. U.S. federal agencies, including the FBI and Department of Homeland Security, assisted in the response and recovery efforts. 

Who is affected

The University of Mississippi Medical Center, its staff, and patients relying on its services were affected, particularly those impacted by clinic closures and disruptions to healthcare operations. 

Why CISOs should care

The incident demonstrates how ransomware attacks on healthcare organizations can disrupt critical services and force operational fallback to manual processes while recovery efforts are underway. 

3 practical actions

  1. Prepare for operational downtime scenarios. Ensure critical services can continue during system outages using fallback procedures. 
  2. Segment healthcare systems. Limit the spread of ransomware across clinical and administrative environments. 
  3. Coordinate with authorities during incidents. Engage agencies like the FBI for support in response and recovery. 
