After the University of Mississippi Medical Center was hit by a Feb. 19, 2026, ransomware attack, LouAnn Woodward, vice chancellor for health affairs and dean of the school of medicine, said in a news conference that officials had been in communication with the perpetrators, but offered no further information about that.

“The attackers have communicated to us and we are working with the authorities and specialists on next steps,” Woodward said, adding that hospital officials did not know how long the interruption would last.

The obvious question is what sort of communication with the hackers Woodward was describing. In a ransomware attack, hackers utilize malicious software to encrypt their victim’s files, then demand payment for the decryption key while threatening to delete or publish the data. In recent cases involving hospitals in neighboring Alabama, officials ended up paying undisclosed amounts to get their operations back online.

On its Facebook page, UMMC posted on the day of the attack that, “Due to a cybersecurity attack, many UMMC IT systems are down, including access to our electronic medical records, EPIC. Today, all UMMC clinic locations statewide are closed. Outpatient and ambulatory surgeries/procedures and imaging appointments are cancelled and will be rescheduled. Hospital services are continuing for our patients using downtime procedures. We apologize for this unexpected disruption, and we will provide further updates as information is available.”

In the days since, the FBI and the federal Department of Homeland Security have gotten involved, but hospital officials have provided few details to the public. A spokesperson for UMMC declined to provide further information to The Mississippi Independent about its communications with the attackers or about any changes to the system’s cybersecurity budget that could have made the system more vulnerable. The spokesperson suggested following UMMC’s Facebook page for updates.

State Rep. Fabian Nelson (D-Byram) told The Mississippi Independent that the House Technology Committee is working “to keep the state of Mississippi and all of its institutions safe” by constantly reviewing regulations and procedures to combat new and emerging threats.

Asked what could be learned from the UMMC attack, Nelson had no ready answer. “Not only is Mississippi learning, but the entire country is learning what we need to do to close these additional back doors,” he said. “And unfortunately, it’s probably going to be another instance in the future where they’ll find a way to get around it. So, that’s the thing about technology, it’s always evolving. There are always people finding another way in and out, but we will be learning from this, and we will be able to make sure that no one is ever able to attack us again this way.”

UMMC currently has a budget of around $2 billion, but it is unclear how much of that is allocated to cybersecurity or whether there have been any modifications to the cybersecurity allocation amid the rising occurrence of these events.

State Institutions of Higher Learning spokesperson John Sewell told The Mississippi Independent that, “Cybersecurity is obviously an important component of any public or private entity these days. IHL and the public universities all work to manage their systems through best practices, such as multi-factor authentication, as recommended by ITS and industry standards. Given the critical need for protection of healthcare data, the University of Mississippi Medical Center has fully invested in its cybersecurity and will continue to do so as it recovers from this current cyberattack.”

As such attacks have become more prevalent, especially in the case of healthcare systems, many institutions have not taken appropriate steps to keep their systems safe and patient data secure, according to a 2024 report by Kroll. The report found that more than 26 percent of healthcare organizations lack a full complement of recommended threat and detection capabilities. Only 3 percent of healthcare industries have cybersecurity features that go beyond basic monitoring, the report found.

Other reports have noted that hospitals devote less of their IT budget to cybersecurity today than in 2023. In the last three years, 8 percent of hospitals said they invest 10 percent or more of their IT budget on cybersecurity. In 2023, 10 percent of hospitals did so. In the case of for-profit hospitals, the percentage that spend at least 10 percent of their IT budgets on cybersecurity went from 22 percent in 2023 to around 18 percent in 2024.

The Searchlight Ransomware H2 2025 report found that the number of active ransomware groups has reached an all-time high with the growth rate of victims doubling since 2024. With ransomware software becoming more accessible, the barriers for entry into the world of hacking have been significantly reduced. Last year, 124 different ransomware groups were reportedly in operation, with 73 of those new to the landscape. Groups including Qilin provide affiliate hackers with what’s known as “ransomware-as-a-service” in return for a portion of the ransom payment paid back to the operators.

The increased availability and capability of AI have contributed to the rise in ransomware attacks. On the black market, a single patient record can be worth up to $1,000, making large data breaches potentially extremely profitable for the hackers.

UMMC is one of that state’s largest healthcare providers and operates seven hospitals and 35 clinics serving more than 70,000 patients annually, and has more than 10,000 employees. The cyberattack has brought significant disruption to countless lives.

The hospital system reported that within an hour of the attack it had activated an emergency operations plan, which is required by the Mississippi State Department of Health, and had alerted authorities with the FBI and Department of Homeland Security. As an extra precaution, UMMC has taken down all of its network systems, including phone and email, and will conduct risk assessments before bringing anything back online.

Included in the system shutdown are records used to book appointments and manage patient medical histories, test results and billing information. Whether any records regarding patient information or payment information were compromised, Robert Eikhoff, special agent in charge of the FBI’s Jackson Field Office, stated during Thursday’s press conference, “It is too early to communicate what we do and don’t know. We are in the process of surging resources both locally and nationally into this incident to make sure we are standing alongside UMMC and their vendors as we look to understand the extent of this attack and then the actions we need to take to help them on the path to recovery, with the number one priority being helping them get their systems up and providing services to their patients.”

After a similar ransomware attack on Alabama’s DCH Health Systems in October 2019, the hospital group was forced to pay the hackers an undisclosed sum in return for the key to unlock the targeted files. DCH spokesperson Brad Fisher was quoted saying, “This included purchasing a decryption key from the attackers to expedite system recovery and help ensure patient safety. For ongoing security reasons, we will be keeping confidential specific details about the investigation and our coordination with the attacker.”

UMMC hospitals and emergency departments in Jackson, Grenada and Madison and Holmes counties have remained open, but the closure of all other UMMC clinics continues, as does the cancellation of elective, non-emergency procedures.

To keep hospitals and emergency rooms operating, UMMC has turned to what’s known as downtime procedures, which are typically used for maintenance or software updates. At UMMC’s initial news conference, Dr. Alan Jones, associate vice chancellor for health affairs, sought to reassure patients, saying, “We have downtime procedures, so we know how to take care of patients without electronic medical records and I can assure you that at the point of care, all of our processes are intact. All of our equipment works. All of our patients are being taken care of safely. There will be no patient impact as a result of this downtime.”

Rep. Nelson, who said he utilizes UMMC as a patient himself, praised the response to the attack, which he said was swift and transparent with patients and enabled continuing critical operations. He added, “By UMMC being a teaching institute, they know how to do it the old-school way without computers and stuff. So, I want people to rest assured that UMMC is handling this the best way they possibly can, and I want to make sure they’re getting credit for that as well as credit for being transparent instead of hiding this from people.”

As technology continues to reshape the healthcare field and increase its reliance on computer systems to operate smoothly, a lack of standardized cybersecurity protocols can expose all connected networks to risk. Between 2015 and 2025, the number of reported hospital cyberattacks has tripled in the United States. The number of records impacted from these attacks has likewise significantly increased. In April 2023, 5.3 million records were reportedly compromised, compared with 15.3 records compromised in April of the following year.

In May 2024, Ascension Health, a St. Louis-based health system that operates hospitals in Birmingham and Mobile, faced a ransomware attack, but it took until December of that year to realize the full effects. In total, 5.6 million records were breached, making it the third largest healthcare data breach of the year behind the Change healthcare ransomware attack (100 millions records) and the Kaiser Foundation Health Plan tracking technology data breach (13.4 million records).

Just two months ago, the Singing River Health System in Ocean Springs identified their own potential cyberthreat which forced administrators to shut down systems in an attempt to mitigate the threat. This came on the heels of a 2023 ransomware attack on Singing River that exposed nearly a million individuals’ health information to hackers. The same year, North Mississippi Health Services and OCH Regional Medical Center in Starkville fell victim to cyberattacks.

According to Rep. Nelson, cyberattacks like these are “inevitable.” Computer viruses have the capability to replicate, evolve and mutate into other forms to get around fixes, and, he said, “The way these hackers work, they’ll probably send these attacks out to thousands of entities, if not hundreds of thousands of them. And when they find a loophole, then that’s who they target their attack towards.”

Image: Stock hacking image (via bgnes.com)