Major cyberattack forces closure of clinics across Mississippi
By Sean Lyngaas, CNN
(CNN) — A ransomware attack has forced one of Mississippi’s largest health care systems to close clinics across the state on Friday, raising larger concerns about the cybersecurity of medical facilities across the country.
The closure affects all 35 of the University of Mississippi Medical Center’s health clinics, which provide a range of care to patients from cancer treatment to chronic-pain management. The attack also caused the cancelation of elective procedures in what health officials said would be a “multi-day event.”
Doctors at UMMC are now using pen and paper as they treat patients because they are cut off from the electronic health records system they normally use to draw up patient information. A top FBI official in the state said the bureau was “surging resources both locally and nationally” in response to the attack.
The digital outage and cancellation of surgeries could strain a medical system whose $2 billion budget, according to its website, accounts for two percent of the state’s economy.
Emergency rooms remain open and UMMC doctors are drilled on delivering services when computers are down.
“We do not know how long this situation may last,” LouAnn Woodward, a vice chancellor at UMMC, said at a press conference Thursday. “As a precaution, all of our IT systems have been taken down, and risk assessment will be conducted before we bring things back up.”
A disruptive ransomware attack like this is familiar to hundreds of health care organizations across the US, which have suffered attacks in recent years. Other ransomware attacks have threatened patient safety, caused delays in crucial medication being distributed and cost the economy billions of dollars in aggregate. The attacks typically involve the hackers locking or stealing data and then demanding payment from victim hospitals.
It was unclear Friday if the hackers had made ransom demands. In general, hospitals can be vulnerable to extortion by hackers because of the pressure hospital executives face to get critical care functions back online, experts have told CNN.
Officials from the FBI and the Department of Health and Human Services have been closely monitoring the UMMC ransomware attack’s impacts since Thursday, sources familiar with the federal response told CNN.
“The attackers have communicated to us and we’re working with the authorities and the specialists on next steps,” Woodward told reporters.
“Ransomware attacks targeting US hospitals and health care continue to increase at a very concerning rate,” said John Riggi, national advisor for cybersecurity and risk at the American Hospital Association.
“Any cyberattack which disrupts or delays health care delivery, poses a risk to patient and community safety,” Riggi said, speaking generally rather than on the Mississippi hack specifically. “This is especially so in rural areas where the next nearest available hospital or trauma center may be over 100 miles away.”
There is a broader concern in the US health care sector about potential blowback in cyberspace if the US military strikes Iran in the coming days, which has prepared to do if ordered by President Donald Trump.
Iranian hackers have been linked to numerous cyberattacks on US health organizations in the past decade, and cyber specialists are preparing for a possible uptick in hacks should the US strike, one expert told CNN. There is no indication that Iran is responsible for the attack in Mississippi.
“We are keeping an elevated threat level and watching this Iran situation for potential impacts,” said one cyber expert focused on health care who spoke on the condition of anonymity because they were not authorized to speak to the press.
The-CNN-Wire
™ & © 2026 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.
