University of Mississippi Medical Center Shut Down by Ransomware: Clinics Closed, Epic EHR Offline, FBI Engaged

A ransomware attack hit the University of Mississippi Medical Center on February 19, 2026, taking down its Epic EHR system, forcing the closure of all approximately 36 clinics statewide, canceling elective surgeries, and pushing providers back to pen-and-paper documentation. The shutdown entered its second day on February 20, with officials warning it could continue for days. The FBI is actively involved.

What Happened

UMMC Vice Chancellor LouAnn Woodward confirmed at a press conference that the attack affected many systems, including Epic. Hospitals and emergency rooms remain open with downtime protocols. Dialysis services at the Jackson Medical Mall are operational. Mississippi MED-COM, the state's coordinating network for hospital transfers, was also impacted, though redundancies kept patient routing functional. Woodward acknowledged investigators are still determining whether private patient information was compromised.

The FBI Response

FBI Special Agent in Charge Robert Eikhoff stated at the press conference that it is too early to communicate what they know, but the agency is surging resources both locally and nationally. The attackers contacted UMMC, but the university has not disclosed their demands.

The Pattern Is Undeniable

This attack lands less than two years after the Change Healthcare breach, the largest healthcare data breach in US history, which affected 192.7 million Americans, cost UnitedHealth Group $2.5 billion in direct impacts, and disrupted claims processing for 94 percent of hospitals. That attack exploited a lack of multi-factor authentication on a single Citrix remote access portal. The UMMC incident reinforces what every healthcare CISO already knows: healthcare is simultaneously the most targeted and most under-resourced sector for cybersecurity.

The Scale of Healthcare Ransomware

Healthcare ransomware attacks increased 264 percent between 2018 and 2024. The average cost of a healthcare data breach reached $10.93 million in 2024, the highest of any industry for the thirteenth consecutive year. In 2025, healthcare organizations experienced an average of 19 days of EHR downtime per ransomware incident. The operational impact extends beyond IT: delayed diagnoses, diverted ambulances, postponed surgeries, and in documented cases, patient deaths attributable to care delays during ransomware-induced outages.

What Enterprise Buyers Must Confront

UMMC is a major academic medical center, not a small rural hospital with a three-person IT team. If its defenses were not sufficient, the question for every health system board is direct: what is your ransomware recovery timeline? Can you operate on paper for three days? Five? A week? The organizations that survive these incidents are the ones that have tested, not just documented, their downtime protocols. If your EHR goes dark tomorrow morning, does your staff know what to do before the IT team picks up the phone?