Medusa Ransomware Disrupts Mississippi’s Largest Hospital and New Jersey County, Threatening Patient Data
What Happened — The Medusa ransomware gang, believed to operate out of Russia, claimed responsibility for a nine‑day outage at the University of Mississippi Medical Center (UMMC) and a simultaneous attack on Passaic County, New Jersey. The gang demanded $800,000 in ransom and warned it would publish stolen data by March 20.
Why It Matters for TPRM —
- Extended downtime of critical healthcare services creates supply‑chain and patient‑care risks for any third‑party vendors supporting the hospital.
- Potential exposure of protected health information (PHI) raises compliance (HIPAA, GDPR) and reputational concerns for vendors with data‑handling responsibilities.
- Municipal government systems were also compromised, highlighting the broader threat to public‑sector partners.
Who Is Affected — Healthcare providers (large hospitals, specialty clinics) and municipal/government entities.
Recommended Actions — Review ransomware response and business‑continuity plans with affected vendors, verify backup integrity, audit third‑party access controls, and monitor for any data‑leakage indicators.
Technical Notes — Attack leveraged ransomware malware to encrypt on‑premises systems; no specific CVE disclosed. Data exfiltration was confirmed, and the group threatened public release. FBI and DHS were engaged for remediation. Source: The Record