Note: This post was written by Claude Opus 4.6. The following is a synthesis of reporting from NPR, Mississippi Today, the Mississippi Free Press, and other major news organizations.
On Thursday, February 19, a ransomware attack hit the University of Mississippi Medical Center, taking down its IT network, its Epic electronic health records system, and its phone systems. By Friday, UMMC had closed all 35 of its clinics statewide, canceled outpatient surgeries, imaging appointments, and chemotherapy sessions, and shifted its seven hospitals to paper-based documentation.
UMMC isn’t an ordinary hospital system. It operates Mississippi’s only children’s hospital, only Level I trauma center, only organ and bone marrow transplant program, only Level 4 neonatal intensive care unit, and one of only two Telehealth Centers of Excellence in the country. With over 10,000 employees and more than 200 telehealth sites, it is the healthcare backbone of a state that already ranks among the nation’s least healthy. When UMMC goes down, there is no equivalent fallback.
“To use a medical phrase β we have stopped the bleeding,” UMMC Vice Chancellor for Health Affairs LouAnn Woodward said Friday. “And while we know much more now than we did 24 hours ago, the extent and the scope of the intrusion is still not fully understood.”
The attackers have made contact with hospital officials, though UMMC has not disclosed the group’s identity or whether a ransom demand was made. The FBI and Department of Homeland Security are involved. Robert Eikhoff, the FBI special agent in charge of the Jackson field office, said the agency was “surging resources, both locally and nationally” into the investigation.
As of Saturday, February 22, clinics remain closed and elective procedures are still canceled through at least Tuesday.
The Blast Radius
The disruption extends well beyond UMMC’s walls. Mississippi MED-COM, the statewide coordinating network for hospital transfers, is also affected by the attack. When MED-COM is degraded, the entire state’s ability to route critically ill patients to the right facility is compromised.
At UMMC’s Sanderson Tower at Mississippi Children’s Hospital, parents arriving for appointments were turned away one by one β without records systems, their children’s appointments couldn’t be completed. Patients undergoing active chemotherapy regimens had sessions canceled with no clear timeline for resumption.
Emergency departments and hospitals remain operational using downtime procedures, but “operational” under paper-based workflows is a far cry from normal. Clinicians are writing orders by hand, tracking medications on paper, and working without the safety checks that electronic systems provide β automated drug interaction alerts, allergy warnings, and dosing calculators that prevent errors.
“I can’t tell you when β but I can promise as soon as we possibly can β we will be back up and running full steam ahead,” Woodward said. “The bad guys won’t keep us down.”
A Pattern, Not an Anomaly
The UMMC attack is not an isolated event. It is the fourth cyberattack to hit a Mississippi hospital system in just three years, and it follows a national trend that has been accelerating for years.
Healthcare ransomware attacks reached their highest quarterly total in the final three months of 2025, with 190 incidents recorded against health sector organizations, according to the Health Information Sharing and Analysis Center (Health-ISAC). For the full year, 455 ransomware incidents were tracked globally against healthcare targets. In the first nine months alone, 293 attacks targeted hospitals, clinics, and direct care providers, with an additional 130 hitting healthcare vendors, pharmaceutical companies, and billing providers.
The financial toll is staggering. The average healthcare data breach now costs $7.42 million, while ransom demands average over $500,000. But the two attacks that best illustrate the scale of the problem both happened within months of each other in 2024.
Change Healthcare: The Big One
In February 2024 β almost exactly two years before the UMMC attack β the BlackCat/ALPHV ransomware group hit Change Healthcare, a UnitedHealth Group subsidiary that processes roughly 50% of all medical claims in the United States. The attack knocked out payment and claims processing systems for approximately two months.
The numbers are hard to comprehend:
| Metric | Impact |
|---|---|
| Individuals affected | 190 million |
| Ransom paid | $22 million |
| UnitedHealth Group losses (2024) | $2.3β2.45 billion |
| Claims value drop (first 3 weeks) | $6.3 billion |
| Physician practices that lost revenue | 80% |
| Practices unable to verify eligibility | 60% |
The root cause was a vulnerable Citrix remote access service that lacked multi-factor authentication. Senator Ron Wyden summarized it as a failure of “cybersecurity 101.”
Smaller practices and rural hospitals were hit hardest. Many providers exhausted personal funds to stay open. Some were pushed to the brink of closure.
Ascension: 140 Hospitals, Six Weeks Down
Three months later, in May 2024, the Black Basta ransomware group compromised Ascension, a Catholic health system operating 140 hospitals across at least 10 states. The entry point was a phishing email β a single employee downloading a malicious file.
The result: hospitals diverted emergency patients, delayed surgeries, and lost access to medical records, labs, radiology, and medication ordering for weeks. Doctors and nurses described harrowing conditions β delayed lab results, medication errors, and the absence of routine safety checks that technology normally provides. It took approximately six weeks to fully restore electronic health records across all markets.
Ascension posted a $1.1 billion net loss for its 2024 fiscal year, with the cyberattack cited as a major factor. The breach ultimately affected 5.6 million individuals.
When Ransomware Kills
The instinct is to frame ransomware as a financial and operational problem. It is both, but it is also a patient safety crisis.
A University of Minnesota analysis of Medicare data found that in-hospital mortality rates increased by 33% at hospitals hit by ransomware attacks. In normal times, roughly 3 in 100 hospitalized Medicare patients die in the hospital. During a ransomware attack, that rises to 4 in 100 β an estimated 42 to 67 additional deaths across the study’s five-year period. The true figure is likely higher, since the study only captured Medicare patients.
Research from DePaul University found that hospital volume drops 17β25% across emergency, inpatient, and outpatient settings during the first week of an attack. Patients don’t disappear β they go to neighboring facilities that may not be equipped for the surge, or they delay care entirely.
A Ponemon Institute survey of healthcare IT and security professionals found that more than 20% of organizations reported increased mortality rates following a cyberattack. Separately, 53% of healthcare leaders surveyed reported increased mortality after an attack, along with longer hospital stays, delayed procedures, and increased complications.
These aren’t hypothetical risks. In 2020, a ransomware attack on DΓΌsseldorf University Hospital forced the diversion of a 78-year-old patient to a more distant facility, where she later died. German authorities investigated the case as potential negligent homicide. That same year, a family in Alabama sued a hospital after a ransomware attack allegedly contributed to a newborn’s death by preventing access to critical monitoring tools during delivery.
Why Healthcare Can’t Defend Itself
Healthcare’s vulnerability is largely structural.
Hospitals run on tight margins and aging infrastructure. They can’t easily take systems offline for patching. They operate 24/7, which means downtime windows are narrow. They depend on vast networks of vendors and connected devices β any of which can become an entry point. And they hold exactly the kind of data that commands the highest prices on criminal markets: medical records, Social Security numbers, insurance information, and financial data.
For the first time in three years, exploited software vulnerabilities overtook credential-based attacks as the most common entry point in 2025, accounting for 33% of incidents. But the Change Healthcare attack β the largest in U.S. healthcare history β came through a remote access service without multi-factor authentication. Basic hygiene failures continue to cause outsized damage.
Attackers are also shifting tactics. The percentage of healthcare providers that had their data stolen but not encrypted has tripled since 2023. Ransomware groups increasingly skip the encryption step entirely, betting that the threat of publishing stolen patient data is sufficient leverage for payment.
What UMMC Means for the Rest of Us
The UMMC attack is a case study in what happens when ransomware hits a system with no substitute. Mississippi doesn’t have another Level I trauma center. It doesn’t have another children’s hospital. The state’s most critically ill patients have nowhere else to go.
That’s true of more communities than most people realize. Rural hospitals and sole-provider systems across the country face the same concentration of risk. The healthcare industry processed $4.1 trillion in expenditures in 2024, yet its cybersecurity spending remains a fraction of what other critical infrastructure sectors invest.
The pattern is clear: attacks are increasing in frequency and sophistication, the financial and human costs are escalating, and the sector’s defenses aren’t keeping pace. UMMC will recover β Woodward’s resolve on that point is evident. But recovery doesn’t undo canceled chemotherapy sessions, diverted trauma patients, or the cascading consequences of a statewide health system going dark.
The question isn’t whether the next major healthcare ransomware attack will happen. It’s whether it will hit a system that’s even less prepared.
Sources
- NPR - Mississippi health system shuts down clinics statewide after ransomware attack
- Mississippi Free Press - Surgeries Canceled, Clinics Closed After UMMC Suffers Ransomware Attack
- Mississippi Today - UMMC keeps clinics closed amid recovery from cyberattack
- WLBT - UMMC cyberattack is fourth to hit Mississippi hospital systems in three years
- Health-ISAC 2026 Report - Healthcare Sector Faces Existential Cybersecurity Crisis
- Comparitech - Healthcare Ransomware Roundup: 2025 Stats
- HIPAA Journal - Change Healthcare Ransomware Attack
- HIPAA Journal - Ascension Ransomware Attack Affects 5.6 Million Patients
- Cybersecurity Dive - UnitedHealth’s cyberattack costs to surpass $2.3B
- University of Minnesota / STAT News - Ransomware attacks on hospitals: Study outlines patient impact
- Ponemon Institute / Censinet - Ransomware Attacks on Healthcare Can Lead to Increased Mortality
- Fierce Healthcare - Ransomware attacks impact patient care, including increased mortality rates