University of Mississippi Medical Center clinics across the state will remain closed and elective procedures are canceled through Wednesday as officials respond to a cyberattack that targeted the state’s only academic medical center.
Patients across Mississippi have missed health care appointments and surgeries since the cyberattack, which occurred Feb. 19 and compromised the health care system’s IT network, forcing the shutdown of computer systems that hold patients’ electronic health records.
The medical center has released few details about when it expects to resume normal operations, how extensive the attack was, what the attacker has demanded or whether any data was compromised. Dr. LouAnn Woodward, vice chancellor for the medical center, confirmed the attacker has made financial demands in a Tuesday interview with SuperTalk.
“Our highest concern is getting our services back open to be able to take care of our patients,” Woodward said. “But very quickly right after that is the integrity of our patient data.”
Ransomware, or malicious software that holds computer systems or data hostage in demand for a payment, has increasingly targeted health care organizations with the aim of garnering large payouts by disrupting critical infrastructure, said Dr. Christian Dameff, an associate professor and co-director of the Center for Healthcare Cybersecurity at the University of California San Diego.
Recovering hospital computer systems is often a labor and time-intensive process that involves rebuilding infrastructure, patching security gaps and ensuring that infiltrators no longer have access to the system, Dameff said. He said the breach at UMMC appears similar to other sophisticated attacks, which typically take more time to rebuild.
“It’s not uncommon to see a ransomware attack like this last weeks to months,” Dameff said. He added that the impact of a cyberattack can persist for years after the intrusion.
A 2020 cyberattack on the University of Vermont Medical Center resulted in the academic medical center losing access to its electronic medical record system for 28 days and cost the system about $65 million, according to Vermont Public. Like the attack on UMMC, it led to canceled health appointments and impeded residents’ access to specialized care.
Credit: Courtesy of Ashly ThompsonAshly Thompson is a Forest resident with neurofibromatosis, a genetic disorder that causes benign tumors to grow on nerve endings. She underwent surgery at UMMC on Feb. 11 to remove tumors on her arms, legs, face and stomach, a procedure that required a skin graft.
Thompson was scheduled for follow-up appointments Feb. 19 — the first day of the cyberattack — and the following Wednesday, but both appointments were canceled. On Monday, she told Mississippi Today that her skin was growing over her stitches, a complication that has resulted in infection in the past, and that she had run out of pain medication.
She went to a separate, local emergency department Monday, but staff told her they could not remove the stitches and recommended she return to her surgeon, which she said caused her anxiety because she did not know when she would be able to have her stitches removed or pain medication refilled.
UMMC contacted Thompson Tuesday morning to inform her she is scheduled for a post-operative care appointment on Friday as a part of the medical center’s effort to schedule time-sensitive appointments.
The public hospital system is operating a triage line as of Monday to field calls from patients, such as requests for medication refills or postoperative care visits, according to a hospital social media post. The call line, which can be reached at 601-815-0000, will prioritize time-sensitive needs.
“Teams are working around the clock to restore full operations and help as many people as quickly as we possibly can,” said the hospital’s statement.
Large-scale attacks can also affect nearby hospitals that aren’t under attack, creating what Dameff called a cyberattack “blast radius.” His 2021 study of a month-long ransomware attack on a single San Diego hospital found that emergency rooms at two nearby hospitals saw higher patient volumes, longer wait times, more stroke patients and more instances where patients left the hospital without seeing a doctor.
This is not the first time a cyberattack has affected hospitals in Mississippi. In December, Singing River Health System on the Gulf Coast shut down some computer systems after identifying a “potential cyber incident.” In 2023, separate attacks affected Singing River Health System and OCH Regional Medical Center in Starkville.
There are few clear national standards for responding to cyberattacks on health care organizations, Dameff said. Plans for responding to the infiltrations are often not comprehensive enough or drilled in advance, and almost all hospitals struggle during the recovery process.
Some states have made efforts to increase hospital security against cybersecurity intrusions. In 2024, the New York State Department of Health imposed new cybersecurity regulations for all general hospitals. Maine lawmakers are currently considering legislation that would require hospitals to develop plans for cybersecurity attacks after cyberattacks last summer shut down several Maine hospitals, according to the Maine Wire.
A comprehensive plan to respond to cybersecurity attacks requires both preventive measures and preparation for the worst, Dameff said.
“We need to spend time and money trying to prevent these attacks,” he said. “But, we have to prepare for when we go down, because that is inevitable.”
Cyberattackers frequently employ “double extortion” tactics, meaning they demand payment not only to restore access to a hospital’s computer system but also to prevent the release of stolen data, Dameff said. Paying the ransom does not necessarily accelerate the recovery of computer systems, he said, yet organizations sometimes choose to pay in order to avert a potential data breach.
Federal agencies, including the FBI, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency, have been assisting UMMC in the recovery process.
UMMC facilities include seven hospitals and 35 clinics statewide, and it operates the state’s only Level 1 trauma center. Roughly 10,000 people work for UMMC, making the health care provider one of the state’s largest employers, and UMMC’s annual budget amounts to about $2 billion.
Emergency departments at UMMC hospitals in Jackson, Grenada, Madison County and Holmes County remain open, according to a Saturday statement from the hospital.
The shutdown also disrupted county health departments, which rely on the same electronic health record system. Although the system was taken offline as a precaution, health departments continue to accept patients as usual, said Mississippi State Department of Health spokesperson Greg Flynn.
Hence then, the article about expert says ummc could face weeks to months of recovery after cyberattack was published today ( ) and is available on Mississippi Today ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( Expert says UMMC could face ‘weeks to months’ of recovery after cyberattack )
Also on site :
- Russia exposed plot to blow up Black Sea gas pipelines – Putin
- OpenAI COO says ‘we have not yet really seen AI penetrate enterprise business processes’
- Finastra Teams up with CargoX to Further Adoption of Digital-at-Source Electronic Trade Documentation