Dive Brief:
- The University of Mississippi Medical Center has closed its clinics across the state through Tuesday due to a ransomware attack, the provider said in a statement Saturday.
- However, UMMC’s hospitals and emergency departments in Jackson, Grenada, Madison County and Holmes County will remain open, the health system said. Clinic appointments and elective procedures will be rescheduled when possible.
- UMMC’s clinics first shut down on Thursday after the academic medical center was hit by the cyberattack, which took its Epic electronic health record offline, according to a UMMC post on Facebook.
Dive Insight:
UMMC, which operates seven hospitals, is Mississippi’s only academic medical center. The health system is working with federal authorities — including the FBI — and other national experts to respond to the attack, according to a Friday statement.
The cyberattack removed or restricted access to phone and email systems, but UMMC is working with a third-party vendor to send communications to patients, the health system said.
For inpatient operations, UMMC has moved to downtime procedures, including documenting care and sending orders on paper, Dr. LouAnn Woodward, UMMC’s vice chancellor for health affairs and top executive, said in a statement Friday.
The academic medical center is also working to schedule appointments for patients who need time-sensitive care, like chemotherapy.
“To use a medical phrase — we have stopped the bleeding. And while we know much more now than we did 24 hours ago, the extent and the scope of the intrusion is still not fully understood,” Woodward said.
Ransomware, a type of malware that denies users access to their data until a ransom is paid, can be a serious threat to health systems. The attacks can take critical technology offline, forcing hospitals to delay care or send emergency cases to other facilities.
Some providers also report an increase in mortality rates in the wake of an attack, and sensitive patient data can be exposed. Cybercriminals are increasingly targeting the healthcare sector in part due to the high value of medical records on the dark web, experts say.
Returning to normal operations after an attack can be slow, too. Only 22% of healthcare organizations fully recovered from a ransomware attack in less than a week, while nearly 40% took more than a month, according to a 2024 survey by cybersecurity firm Sophos.
