-
A Russia-based ransomware operation claims responsibility for devastating cyberattacks on critical healthcare and government infrastructure.
-
The Medusa gang demanded $800,000 from the University of Mississippi Medical Center after a nine-day shutdown paralyzed the state’s most vital healthcare facility.
-
Passaic County in New Jersey faces the same ransom demand as hackers threaten to expose stolen government data.
A notorious Russian ransomware operation has claimed credit for crippling attacks on Mississippi’s most important medical center and a heavily populated New Jersey county. The Medusa ransomware gang publicly announced both breaches while demanding hefty ransoms and threatening to leak sensitive data.
The University of Mississippi Medical Center fell victim to one of the most disruptive healthcare cyberattacks in recent state history. UMMC operates as the backbone of Mississippi’s healthcare system, employing 10,000 people and running the state’s only children’s hospital, only Level I trauma center, only Level IV neonatal intensive care unit, and the state’s only organ transplant programs.
Nine Days of Chaos at Mississippi’s Critical Medical Hub
The attack forced UMMC into complete darkness for nine days at the end of February. Medical staff scrambled to operate sophisticated hospital systems using nothing but analog tools.
The cancer infusion center postponed patient appointments. Other departments resorted to managing critical supplies and treatments with paper and pen.
Devika Das, division director of hematology and oncology at the hospital, described the emergency response two weeks ago:
“Our team built a completely operational, urgent infusion clinic running entirely without digital systems. We discovered intelligent, secure methods to retrieve essential vendor information.”l
UMMC kept its hospitals and emergency departments running throughout the crisis, but closed all 35 clinic locations. Federal authorities stepped in immediately. The FBI and Department of Homeland Security joined the recovery operation.
The hospital achieved full operational status on March 2. Last Thursday, the Medusa ransomware gang claimed responsibility for the attack. The hackers demanded $800,000 and set a deadline of March 20 to leak stolen hospital data. UMMC officials declined to comment on the ransom threat.
This attack follows a similar Medusa breach on Bell Ambulance, where the gang also demanded a ransom and threatened to leak patient data, a pattern showing that the group’s tactics are consistent across healthcare targets, regardless of size or scope.
Russia-Linked Gang Expands Attacks on U.S. Infrastructure
Cybersecurity experts trace the Medusa operation back to Russia. The gang avoids targets in the Commonwealth of Independent States countries. Researchers observe Russian-language forum activity from the group. The hackers use Cyrillic script in their operational tools.
The group emerged in 2021 and has repeatedly demonstrated a willingness to attack healthcare facilities and municipal governments across the United States. Tuesday brought another Medusa claim, this time targeting New Jersey’s Passaic County with the same $800,000 ransom demand.
Passaic County officials reported dealing with what they called a “malware attack” two weeks ago. The incident knocked out phone lines and IT systems across government offices. The county serves nearly 600,000 residents who depend on these services.
Pattern of Targeting Critical Services
The simultaneous attacks on UMMC and Passaic County reveal Medusa’s strategy. The gang targets essential infrastructure where downtime creates maximum pressure. Hospitals cannot function without digital systems. County governments rely entirely on IT networks for public services.
Both organizations face identical ransom demands of $800,000. The hackers set tight deadlines and threaten public data leaks. This dual-pressure approach forces victims to choose between paying ransoms or risking exposure of sensitive information.
Medical facilities make particularly attractive targets. Patient care cannot stop during cyberattacks. Staff must find workarounds while administrators handle breach response. The nine-day UMMC shutdown demonstrates how completely ransomware can paralyze even well-resourced institutions.
Municipal governments face similar vulnerabilities. Passaic County’s phone and IT system failures disrupted services for hundreds of thousands of residents. The attack hit basic government functions that citizens depend on daily.
Ransomware attacks currently exist as an urgent need for municipalities and other types of critical infrastructure to develop and implement stronger cybersecurity protocols. It is imperative for healthcare systems and government entities throughout the United States to prepare for sophisticated ransomware operations targeting high-value/high-impact targets.
