Labor and delivery Nurse Manager Tori Jones of the Baptist Anderson Regional Medical Center in Meridian said she first heard of the ransomware attack at the University of Mississippi Medical Center during her team’s Thursday morning huddle.
“They just told us to keep them in our prayers and just that everything could go as smooth as possible,” she said. “That if we had any contacts with the [UMMC] system to just not go through those electronic revenues.”
Shamira Muhammad
State's medical community ponders how to move forward after UMMC ransomware attack
The attack forced UMMC to shut down its IT network and go into “downtime procedures.” Clinical equipment remained functional, including vital monitors for critical care patients, but all clinics within the center’s statewide system were closed.
In a statement, UMMC called the attack a "criminal intrusion" and “are working on a solution for patients to contact [the center] about routine medical and/or medication needs.”
President and CEO of the Mississippi Hospital Association Richard Roberson said this isn’t the only time a medical center has been struck with a cyberattack in the state. He pointed to a 2023 incident at Singing Rivers.
“In that case, hundreds of thousands of patient files were uploaded onto the dark web,” he said. “That's not the outcome anybody wants, obviously. It took several weeks for them to restore full capabilities within their system. Not that patients weren't cared for, not that things weren't done to make sure the patients were cared for well. But it disrupted the system for several weeks.”
MHA was able to provide UMMC with reports that helped restore some of their functionality last week. Roberson hopes hospitals in the state will commit to taking deep-dives into their IT systems, with criminal activity committed by individuals overseas becoming an increasing concern.
“It's very challenging, it's very difficult, but we encourage our members to make sure that they are as up-to-date as they possibly can be and to really spend the time and spend the resources to make sure those protections are in place,” said Roberson.
UMMC is continuing to work alongside federal agencies, including the FBI. They’re also collaborating with three national vendors that are experts in cyber forensics, recovery and security.
According to a statement, UMMC clinics across the state will be closed on Monday, Feb. 23 and Tuesday, Feb. 24. Elective procedures will also be cancelled and appointments will be rescheduled when possible.
UMMC hospitals and emergency rooms in Jackson, Grenada, Madison County and Holmes County remain open.
In a column posted to UMMC’s Facebook, Woodward said the center has “stopped the bleeding” but the extent of damage caused by the ransomware attack remains unknown.
UMMC, federal and state agencies are “working around the clock to answer these questions and segregate systems, repair damage and recover our data and applications,” she wrote, adding that the electronic patient records and phone systems were included in the attack and are not operational.
“I can’t tell you when – but I can promise as soon as we possibly can – we will be back up and running full steam ahead,” she said.