IN February, the University of Mississippi Medical Center announced it was closing dozens of clinics statewide after a cyberattack disrupted multiple IT systems and cut off access to its Epic EMR platform, which contained patients’ medical records, with a nine-day service suspension that led to the cancellation of elective surgeries and imaging appointments. As of 2 March, access to patient records and phone lines had been restored.
According to SuspectFile, a Medusa ransomware spokesperson claims the group added the incident to Medusa’s leak site on 12 March and asserted they acquired over 1 TB of data and more than 1 million files, though these claims have not been independently verified by UMMC. The group reportedly stated that the operation was not primarily about full system encryption and that affiliates were instructed not to lock the entire infrastructure, instead focusing on data exfiltration.
Negotiations occurred but reportedly failed over the amount demanded to delete data, with Medusa allegedly demanding $800k and UMMC offering $550k; the total numbers affected remain undisclosed as the investigation continues.