Mississippi’s largest hospital group is still reeling from a ransomware attack late last week that has forced its IT systems offline.

The University of Mississippi Medical Center (UMMC) is one of the state’s largest employers, with over 10,000 staff working across seven hospitals, dozens of clinics and over 200 telehealth sites.

It revealed in a post on X on February 19 that “many UMMC IT systems are down, including access to our electronic medical records,” due to a cybersecurity attack.

“Outpatient and ambulatory surgeries/procedures and imaging appointments are cancelled and will be rescheduled,” it continued. “Hospital services are continuing for our patients using downtime procedures.”

UMMC subsequently revealed that it is working with the Department of Homeland Security (DHS) and the FBI, having activated its Emergency Operations Plan. It said it had taken all “network systems” offline as a precaution “and will conduct risk assessments before bringing anything back online.”

All clinics will remain closed on Monday 23 and Tuesday 24 February, with elective procedures cancelled on those days and appointments rescheduled “where possible.”

Its hospitals and emergency departments in Jackson, Grenada, Madison County and Holmes County remain open using “downtime procedures” - which effectively means staff reverting to pen and paper to do their jobs.

Although the identity of the group responsible is currently not known, local reports suggest the threat actors have contacted UMMC. It’s also unclear if any employee or patient data was stolen in the attack.

Resilience is Vital

Steven Swift, MD at Suzu Labs, argued that organizations should plan for worst-case scenarios like this by building resiliency into backup architecture – keeping a copy of backups offline and/or in immutable storage.

“Similarly, organizations should be designing their security architecture around high-impact threats such as ransomware. Ensure that EDR is on all systems. Perform annual pen tests that mimic the techniques used in ransomware, so you can find and fix critical security gaps before a bad actor finds it,” he continued.

“Upgrade legacy multi-factor authentication (MFA) solutions to be phishing resistant, so that it’s difficult for attackers to get that initial foothold. Perform credential audits, so you can find/fix all the poor quality and repeated passwords being used. Perform vulnerability scans, and actually patch and keep systems current.”

Michael Centrella, head of public policy at SecurityScorecard, warned that healthcare organizations (HCOs) are on the “front lines” in the battle against cyber adversaries.

“The disruption of medical services demonstrates why states must prioritize continuous monitoring, supply chain oversight, and executive-level cyber accountability,” he added. “Resilience isn’t optional, it’s essential to maintaining public trust and operational continuity.”

On rare occasions, ransomware attacks on HCOs have even led to patient fatalities.