On Feb. 19, 2026, the University of Mississippi Medical Center (UMMC) confirmed a major cyberattack that disrupted electronic systems across its campuses and forced wide-ranging operational changes. The breach hit the central Jackson campus first, and administrators quickly took multiple systems offline to prevent the problem from spreading. Emergency departments and inpatient units remained open, but nonurgent outpatient visits were postponed as staff switched to established downtime procedures and the medical center activated its emergency operations plan.
With scheduling, diagnostic imaging and several core IT platforms impaired, leaders diverted personnel to essential duties and concentrated resources on urgent care. Clinics across the state temporarily closed on Feb. 20 while clinicians documented by hand, used phones for clinical communication and moved patients as needed. These contingency steps—paper charts, phone coordination and manual transfer logs—helped preserve lifesaving services even as routine care paused.
Outpatient clinics, ambulatory surgeries and most imaging appointments were the hardest hit. Elective procedures were deferred and many routine follow-ups were rescheduled. Still, the medical center worked to keep time-sensitive therapies running: dialysis, for example, continued at the Jackson Medical Mall under contingency protocols, with staff relying on paper records to document treatments and coordinate transfers.
UMMC also tightened facility access and established alternate communication channels for clinicians and families while IT crews focused on stabilizing critical systems. Technical teams prioritized restoring systems that support immediate patient care, and limited exceptions were made for treatments deemed urgent or essential.
State and federal investigators joined the hospital’s incident response team to determine how attackers gained access and whether data left the network. The FBI, CISA and the Department of Homeland Security were among the agencies involved. Forensic specialists performed system imaging, log reviews and memory analysis to trace the attack vector and map the intrusion’s scope. At the same time, regulatory liaisons advised the hospital on notification obligations under federal health privacy laws.
On the containment side, technicians examined the malware and the initial point of compromise, segmented affected networks and temporarily shut impacted servers to limit lateral movement. Privileged accounts were reset, and teams followed a cautious, staged process to restore services—starting with systems that support critical care—so investigators could collect evidence without risking further damage.
Hospital leaders described the situation as evolving and stressed that patient safety guided every decision. They warned that full recovery could span several days and asked patients to contact the health system before traveling for appointments. Officials said they would share validated technical findings as the investigation and restoration progressed.
In short, the cyberattack forced UMMC to prioritize urgent, life-sustaining care while forensic and IT teams worked to secure systems and restore services. For patients and families, the immediate takeaway was practical: check with the medical center before coming for an appointment, and expect some services to be delayed while recovery efforts continue.