Ransomware Shut Down 35 Clinics in One Day. Patients Had Nowhere to Go.

#35 clinics. Closed. Statewide. One ransomware attack.

In February 2026, the University of Mississippi Medical Center was hit with ransomware. The attack forced the closure of all 35 clinic locations across the state. Not one clinic. Not a department. Every single location.

Patients who needed care were turned away. Appointments canceled. Surgeries postponed. Prescriptions couldn't be filled because the systems that manage them were encrypted. People who depend on these clinics for ongoing treatment had nowhere to go.

This is what a ransomware attack looks like in healthcare. It's not just data theft. It's not just a financial loss. People can't get medical care. The systems that schedule appointments, manage prescriptions, store lab results, process insurance claims, and coordinate between providers all go dark simultaneously.

And Mississippi isn't a state with excess healthcare capacity. For many patients, especially in rural areas, those 35 clinics were their only accessible option.

#This keeps happening in healthcare.

Healthcare is the most targeted industry for ransomware. The reasons are obvious:

The data is valuable. Medical records sell for 10-40x more than credit card numbers on the dark web because they contain everything: SSN, insurance info, medical history, addresses, dates of birth. You can change your credit card number. You can't change your medical history.

The pressure to pay is enormous. When your systems are down, patients can't get care. The longer you're down, the more people suffer. Attackers know this creates urgency to restore operations by any means, including paying the ransom.

The security budgets are insufficient. Most healthcare organizations, especially smaller practices and community health centers, spend a fraction of what other industries spend on IT security. The money goes to medical equipment, staff, and patient care. Security gets whatever's left, which is usually not enough.

The compliance checkbox culture. HIPAA requires security, but many organizations treat it as a compliance exercise rather than an actual security program. They check the boxes on the assessment form, document some policies nobody reads, and move on. The gap between "HIPAA compliant on paper" and "actually protected against ransomware" is where these attacks happen.

#"We're a small practice. We're not a target like a hospital."

You're a bigger target. Hospitals have dedicated IT teams, security budgets, and incident response plans. A 12-person dental practice on the South Side has a part-time IT person who also manages the front desk phone system.

Attackers hit small practices because the defenses are weaker. The data is just as valuable. A patient record from a small clinic contains the same SSN, the same insurance info, the same medical history as one from a major hospital.

And the HIPAA penalties don't care about your size. Fines start at $100 per violation and scale to $1.5 million per year for willful neglect. When your entire patient database is compromised, every record is a separate violation.

#What healthcare practices need to do.

1. Tested backups. Isolated from the network. This is the single most important defense against ransomware. If your backups are on a network-attached drive that the ransomware can reach, they'll get encrypted too. Air-gapped or immutable backups. Tested monthly. This is what lets you recover without paying.

2. Endpoint detection on every device. Not antivirus. EDR. Microsoft Defender for Business if you're on M365. It catches ransomware behavior patterns (mass file encryption) that signature-based antivirus misses.

3. Staff training. Ransomware gets in through phishing. Someone clicks a link or opens an attachment. Your front desk staff, your billing team, your clinical coordinators need to know what phishing looks like in healthcare. Fake EHR login pages. Spoofed insurance company emails. "Urgent" messages about HIPAA audits.

The training we do isn't a video. It's simulated attacks tailored to healthcare. Fake patient portal login pages. Spoofed insurance verification emails. The attacks your team will actually see. And the skills protect them at home too, not just at work.

4. Network segmentation. Your EHR system, your billing system, your imaging equipment, and your guest Wi-Fi should not all be on the same network. If ransomware gets on one system, segmentation limits how far it can spread.

5. Incident response plan. Written down. Printed out. Practiced. Who disconnects the systems? Who calls the security provider? Who contacts patients? Who notifies HHS? When ransomware hits at 6am on a Saturday, panic is not a plan.

6. Cyber insurance with ransomware coverage. Make sure the policy explicitly covers ransomware, business interruption, breach notification costs, and regulatory fines. And make sure you actually meet the security requirements the policy mandates.

#Further reading

• HHS HIPAA Breach Reporting - check if your data was in a reported breach
• StopRansomware.gov - US government ransomware resources
• CISA Healthcare Security Resources - sector-specific guidance
• FBI IC3 - report ransomware incidents
• Veeam 3-2-1 Backup Rule - backup strategy that survives ransomware