Medusa ransomware gang claims attacks on prominent Mississippi hospital, New Jersey county

A prominent ransomware gang has taken credit for a devastating attack on the biggest hospital in Mississippi and a large county in New Jersey.

The Medusa ransomware operation, which experts believe is run out of Russia, said recently it was behind the cyberattack on the University of Mississippi Medical Center (UMMC). 

UMMC is one of the most important healthcare organizations in the state — employing 10,000 people and housing Mississippi’s only children's hospital, only Level I trauma center, only Level IV neonatal intensive care unit and the state’s only organ transplant programs.

The entire organization went dark for nine days at the end of February, forcing nurses and doctors to operate sophisticated systems with analog tools. The cancer infusion center had to reschedule patients while other units had to find ways to manage supplies and treatment with paper and pen. 

“We created a fully functional, urgent infusion clinic operating entirely offline. We found smart, secure ways to access critical vendor data,” said Devika Das, division director of hematology and oncology at the hospital, said two weeks ago. 

UMMC’s hospitals and emergency departments remained operational but it closed all 35 of its clinic locations. The FBI and Department of Homeland Security were brought in to assist in the recovery effort. 

The hospital fully reopened on March 2, and the Medusa ransomware gang claimed the attack last Thursday, demanding an $800,000 ransom. The hackers threatened to leak data stolen from the hospital by March 20. 

A UMMC spokesperson declined to comment on the ransom threat.  

Experts believe the Medusa operation is based in Russia due to its avoidance of targets in Commonwealth of Independent States, its Russian-language forum activity and the use of Cyrillic script in operational tools.

The group, which emerged in 2021, has repeatedly shown a willingness to target healthcare facilities and municipal governments across the U.S. On Tuesday, the group claimed an attack on New Jersey’s Passaic County and demanded an $800,000 ransom. 

The county said it was dealing with a “malware attack" two weeks ago that took down phone lines and IT systems used across government offices. It is home to nearly 600,000 people.