The University of Mississippi Medical Center may have violated HIPAA after a February ransomware attack if it failed to notify patients, regulators, and media within the required 60-day window. Reports say the Russian hacking group Medusa claimed responsibility and alleged it stole patient data, while UMMC says it is still investigating with the FBI and cybersecurity experts. #UniversityofMississippiMedicalCenter #Medusa
Keypoints
- UMMC suffered a ransomware attack in February that disrupted systems for nine days.
- HIPAA requires breach notifications to HHS, patients, and local media within 60 days for large data exposures.
- A public records search found no documents showing UMMC notified patients or reported the breach.
- UMMC says it is still conducting forensic analysis and will meet reporting requirements after the investigation.
- The Medusa group has claimed responsibility and says it obtained patient data, but UMMC has not confirmed this.
Read More: https://www.wlbt.com/2026/05/22/ummc-may-have-violated-federal-privacy-law-after-ransomware-attack/