On March 12, 2026, the Medusa ransomware group claimed responsibility for the February 19 attack on the University of Mississippi Medical Center (UMMC), demanding $800,000 in ransom and threatening to publish more than 1 TB of exfiltrated data including patient health information and employee records.
Nine Days of Disruption
UMMC — Mississippi's only Level I trauma centre, only children's hospital, and only organ transplant programme, employing approximately 10,000 people — suffered a nine-day outage beginning February 19, 2026. According to Healthcare Dive and HIPAA Journal:
- 35 clinics were closed
- Elective procedures were cancelled
- The EPIC electronic health record system went offline
- Clinical staff reverted to manual, paper-based processes
- The hospital fully reopened on March 2, 2026
UMMC reported a 20% revenue drop for February due to delayed patient care during the outage.
Operational Tempo
Medusa operates as a Ransomware-as-a-Service (RaaS) platform with multiple affiliates. Security researchers have documented that one affiliate, tracked by Microsoft as Storm-1175, can move from initial access to data exfiltration to ransomware deployment within 24 hours. This compressed attack timeline makes traditional detection-and-response cycles inadequate for preventing encryption.
Broader Campaign
The UMMC attack is part of a wider Medusa campaign targeting healthcare, education, and professional services across the United States, United Kingdom, and Australia. In a separate incident, Woodfords Family Services in Maine notified 8,073 individuals of a Medusa-attributed breach, and the group has claimed over 300 organisations globally in 2026.
Context
The UMMC incident demonstrates the disproportionate impact ransomware has on healthcare institutions where system downtime directly threatens patient care. For organisations subject to NIS2's essential entity requirements, the 24-hour operational tempo of groups like Medusa means that incident response plans (ISO 27001 Annex A control 5.26) must be tested and executable far faster than annual tabletop exercises typically prepare teams for.