UMMC ransomware attack forces closure of 35 Mississippi clinics

Peter Chofield

University of Mississippi Medical Center (UMMC) shut down all 35 statewide clinics after discovering a ransomware infection that took its information systems offline, the provider said in a social‑media statement cited by Security.nl. Announced Thursday and effective Friday, the closures forced cancellation of appointments, elective procedures and most other non‑urgent care while the organization works to restore IT access.

Independent reporting

Local and national outlets

US news outlets including CNN and UPI, as well as the Clarion‑Ledger and Mississippi Public Broadcasting, have published similar accounts. Headlines such as “Major cyberattack forces closure of clinics across Mississippi” confirm the operational impact reported by UMMC.

Attack details scarce

Confirmed facts

UMMC said it was the target of a ransomware attack and that it had been contacted by the actors, but provided no information on the ransomware family, the extent of data access or a ransom demand. The centre operates seven hospitals that remain open; the disruption is confined to the clinic network. IT systems remain offline, and officials warned the effects could last several days.

Patient care disrupted

Operational impact

Services across Mississippi — including primary care, specialty clinics and outpatient treatment — were affected. Officials said appointments will be rescheduled once systems are restored; it is not yet known whether patient records were exfiltrated. The incident illustrates healthcare’s operational dependence on interconnected IT environments.

Wider context

Recent healthcare incidents

The UMMC incident comes as ransomware continues to strike medical organisations globally; a Belgian hospital took a month to recover from an August‑2025 incident. UMMC’s pre‑emptive clinic closures mirror a trend in which providers isolate networks to contain intrusions. For guidance on response and mitigation, see CISA’s StopRansomware guidance.

What defenders should do

Immediate actions

  • Monitor for ransomware indicators such as unusual remote‑desktop or device traffic, unexpected cryptomining processes, or large volumes of encrypted files.
  • Maintain frequent, tested off‑site backups and retain air‑gapped copies of critical patient records.
  • Segment clinical applications from general‑purpose IT and remote‑access services to limit lateral movement.
  • Notify regulators and affected patients as required; prioritize patching of known‑exploited vulnerabilities that could provide initial access.

Even regional health systems can be halted by encrypting malware. Organisations with distributed clinic networks should exercise incident‑response playbooks, validate recovery procedures, and assume threat actors will continue using ransomware to disrupt care.