Days after ransomware attack, UMMC clinics remain closed as emergency rooms rely on paper backups
The University of Mississippi Medical Center (UMMC) is reeling from a major cyberattack, first announced in a Facebook post on Feb. 19. The incident, which is still being investigated, has taken IT systems offline. Heading into Monday, the health system said, its clinics statewide will remain closed, with a tentative reopening scheduled for Feb. 25.
“Medical Center teams continue to respond to the impact of our recent cyberattack alongside federal and state agencies and experts in cybersecurity,” a Facebook update reads. “Clinics statewide will be closed on Monday, Feb. 23 and Tuesday, Feb. 24, and elective procedures on those days are cancelled. Appointments will be rescheduled when possible.”
UMMC added that its hospitals and emergency rooms remain open.
The data breach has been confirmed to be a ransomware attack, though details on whether a ransom was demanded or paid remain unknown. When making its announcement on Thursday, UMMC confirmed it was unable to access its Epic EHR system as part of a broad network outage that extended to all of its locations statewide.
It did add that its dialysis service center, Jackson Medical Mall, would remain operational and able to fill appointments, despite all other clinics being forced to shut down.
Hospitals and emergency rooms, despite remaining open, are being forced to operate on backup procedures—which means manual pen-and-paper documentation of patient care, since the EHR is inaccessible.
The hack also took out communications, with phone systems and emails still down days after the breach was revealed, contributing to patient throughput challenges that have forced the health system to focus its resources on emergency care.
UMMC confirmed its working with state and federal authorities to investigate and recover from the cyberattack, alongside cybersecurity experts from the private sector.
Its last Facebook update is dated Feb. 21.
‘We have stopped the bleeding’
In a lengthy public statement also dated Feb. 21, LouAnn Woodward, vice chancellor for health affairs at UMMC, wrote that the full details on how hackers gained access and what systems were compromised are still being sorted out. However, she confirmed the health system took some of its Internet-connected technology offline as a safety precaution to halt any further spread of the ransomware.
“To use a medical phrase—we have stopped the bleeding. And while we know much more now than we did 24 hours ago, the extent and the scope of the intrusion are still not fully understood,” Woodward wrote. “Our technical teams and a host of experts in the field of cyberattacks and federal agencies are working around the clock to answer these questions and segregate systems, repair damage and recover our data and applications.”
She went on to confirm that inpatient operations are only made possible by “using paper for documentation and patient orders,” something Woodward said the hospital and staff have prepared for, as downtime is always a possibility.
As for next steps, Woodward added that UMMC has made it a priority to ensure patient care resumes as normal and that elective procedures get rescheduled.
“We are doing all we can to safely restore access so that we can resume all aspects of patient care as quickly as possible,” she wrote. “We are especially concerned for those receiving ongoing care that is time-sensitive. So those patients are our highest priority—for example, a cancer patient receiving chemotherapy. We are working on a process to schedule appointments for those groups as quickly as we can.”
She did confirm that, despite the data breach, UMMC has cybersecurity systems in place that it regularly tests. It’s unclear if criminals were able to gain access to sensitive patient health information, or if any personal data was moved offsite.
More is likely to be revealed in the coming days as the investigation continues, UMMC confirmed.
To date, no known cybercriminal gang has claimed credit for the attack.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.