A ransomware group called Medusa today took credit for last month’s cyber attack on the University of Mississippi Medical Center.
UMMC shut down its clinics and cancelled appointments from February 19 to March 2, 2026 to contain the attack. The medical center lost access to phone lines, email, and patient records. Staff were forced to use handwritten charts and makeshift command centers. Some patients were transferred or diverted to other medical facilities.
Medusa claimed responsibility for the attack on its data leak site and demanded UMMC pay $800,000 in ransom within one week. To prove its claim, Medusa posted sample images of what it says are documents stolen from UMMC.
UMMC has not acknowledged Medusa’s claim, and Comparitech cannot independently verify it. We do not know what data was compromised, if UMMC paid a ransom, or how attackers breached UMMC’s network. UMMC declined answering Comparitech’s questions.
“The University of Mississippi Medical Center’s clinics resumed normal operations today following a nine-day ordeal caused by a cyberattack,” says UMC’s March 2, 2026 press release. “While all mission areas were impacted by the criminal intrusion, the patient care mission was disproportionately affected.”
Who is Medusa?
Medusa first appeared in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of organizations that don’t pay ransoms. Medusa both locks down computer systems and steals data, forcing infected organizations to pay a ransom to restore systems and to not publish stolen data. The gang operates a ransomware-as-a-service scheme in which customers pay to use Medusa’s malware and infrastructure to launch attacks and collect ransoms.
Medusa has claimed responsibility for 154 confirmed ransomware attacks in total. Of those, 33 hit healthcare providers with an average ransom of $400,000 and compromised 3.7 million personal records.
Some of Medusa’s other recently confirmed attacks include:
- Jefferson Blount St. Claire Mental Health Authority notified 30,434 people of a November 2025 data breach for which Medusa demanded $200,000
- Southwest Care Center reported a June 2025 data breach for which Medusa demanded $200,000
- Insightin Health notified 142,727 people of a September 2025 data breach for which Medusa demanded $500,000
- Bell Ambulance recently updated the number of people compromised in a February 2025 data breach to 237,830
In 2026, Medusa has taken credit for 16 more attacks, two of which were confirmed by the targeted organizations.
Ransomware attacks on US healthcare
Comparitech researchers have logged four confirmed ransomware attacks on US hospitals, clinics, and other healthcare providers in 2026 to date. In 2025, we logged 127 such attacks.
Other recently confirmed ransomware attacks on US healthcare include:
- Tieu Dental Corporation reported a July 2025 data breach claimed by Inc Ransomware
- Community Health Action of Staten Island reported an October 2025 data breach claimed by Genesis
The attack on UMMC is one of the most disruptive attacks we’ve seen so far this year.
Ransomware attacks on US hospitals, clinics, and other care providers can steal data and lock down infected computer systems. They can cripple critical systems and endanger the health, privacy, and security of patients. Infected hospitals and clinics must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk.
About the University of Mississippi Medical Center
UMMC is Mississippi’s only academic health science center. The 772-bed University of Mississippi School of Medicine (UMSOM) campus is located in Jackson. It enrolls more than 3,000 students in six health science schools.
