In February 2026, UMMC fell victim to a ransomware attack that took its Epic electronic health record system offline across 35 clinics and over 200 telehealth sites. This forced the cancellation of chemotherapy appointments and postponement of non-emergency surgeries, disrupting patient care.
Initial Access
Network Breach
likely
Threat actors gained unauthorized access to the University of Mississippi Medical Center's (UMMC) internal network. The specific method of initial compromise was not detailed.
Defender cut points
Implement strong multi-factor authentication (MFA) for all remote access and critical systemsConduct regular vulnerability assessments and patch management
