The Texas health system has been working to recover its systems after the Sept. 26 attack.

A ransomware attack against Texas-based UMC Health System has led to major patient care disruptions, according to reports.

The health system—which reports having more than 30 clinics in western Texas and eastern New Mexico—has reportedly been forced to divert some patients including emergency patients since the Sept. 26 attack.

[Related: 10 Major Cyberattacks And Data Breaches In 2024 (So Far)]

“We continue to diligently work to progress on our restoration and recovery efforts,” UMC said in an update to its website Monday.

What follows are five things to know about the UMC Health System ransomware attack.

Ransomware Attack

In a page on its website, UMC Health System said that it detected “unusual activity within our IT systems,” leading the health system to disconnect its systems “to contain the incident.”

“Through the ongoing investigation, we determined that the unusual activity was connected to a ransomware incident,” the Lubbock, Texas-based health system said.

Emergency Care Disruptions

UMC Health System said Monday that its Emergency Center in Lubbock is “now accepting patients via ambulance.”

The Emergency Center had initially been forced to divert some ambulances to other hospitals but is now “only diverting a very select number of patients,” the health system said.

“Out of an abundance of caution, the Emergency Center continues to divert a select number of patients until all UMC resources are fully functioning,” UMC said in its update Monday.

Other Care Disruptions

UMC Health System in the update that its healthcare facilities “remain open for existing inpatients” while its clinics are open, as well.

However, “due to the incident, certain departments / providers are on downtime procedures,” the health system said. Affected services reportedly include radiology.

“We continue to focus on minimizing any disruption to our patients and critical services,” UMC said.

Data Impact?

UMC Health System has not disclosed details on the threat actor responsible for the attack, and reports indicate that no ransomware gang has claimed responsibility.

The health system has also not released details on whether it believes patient medical records or other data may have been impacted in the attack.

CRN has reached out to UMC Health System for comment.

Health Care Attacks Continue

A number of U.S. health systems and their patients have become the victims of cyberattacks in 2024, making UMC just the latest to see care disruptions due to cybercriminal activity.

The February ransomware attack against UnitedHealth-owned prescription processor Change Healthcare caused massive disruption in the U.S. health care system for weeks — preventing many pharmacies and hospitals from processing claims and receiving payments.

In May, the St. Louis-based Ascension health system was struck by a ransomware attack that forced it to divert emergency care from some of its hospitals.

The attacks have raised questions about whether threat actors are intentionally targeting companies whose patients and customers would be severely affected by the disruptions, in order to put increased pressure on the organizations for paying a ransom.