    UMMC cyberattack is fourth to hit Mississippi hospital systems in three years

    JACKSON, Miss. (WLBT) – The cyberattack on the University of Mississippi Medical Center makes it the fourth hospital system in Mississippi to be targeted by cybercriminals in three years, a 3 On Your Side investigation found.

    More Mississippi hospitals have become targets of these cyberattacks in recent years.

    Just two months ago, Singing River Health System in Ocean Springs identified a potential cyber incident and shut down systems to stop the threat before it could go further. In 2023, a major ransomware attack on Singing River exposed nearly a million individuals’ health information to hackers.

    That same year, North Mississippi Health Services and OCH Regional Medical Center in Starkville also fell victim to cyberattacks.

    State lacks cybersecurity requirements

    The investigation found Mississippi has no law that requires hospitals to protect against cyberattacks.

    But federal law does.

    Hospitals must do everything they can to protect electronic health information to remain compliant with HIPAA. If a hospital doesn’t do enough, it can face hefty fines from the federal government.

    The Mississippi State Department of Health does require hospitals to have an Emergency Operations Plan for potential hazards, including cyberattacks, which controls how they operate when these threats happen.

    3 On Your Side has requested those documents from MSDH to better understand UMMC’s preparedness.

    Previous violation revealed risks to UMMC systems

    Our investigation found that ten years ago, UMMC had to pay $2.75 million in fines after a data breach involving approximately 10,000 patients. The breach occurred when a password-protected laptop was stolen from UMMC’s Medical Intensive Care Unit in 2013.

    Federal investigators found UMMC was aware of risks and vulnerabilities to its systems as far back as April 2005, yet no changes to those systems occurred until after the breach.

    The Department of Health and Human Services found organizational deficiencies and insufficient institutional oversight led to the violations.

    HHS required UMMC to implement a corrective action plan to ensure future compliance with HIPAA, but it’s unclear how long that plan had to remain in place.
