Written by Jonathan Perz, Manager of Information Security at Abacus Technologies
On February 19, 2026, the University of Mississippi Medical Center (UMMC) — Mississippi’s only academic medical center and Level 1 trauma center — shut down major portions of its IT environment after a ransomware attack. Clinics closed, elective procedures were canceled, and thousands of employees lost access to systems critical for daily operations.
Emergency care continued, but teams were forced to rely on manual workflows while systems were taken offline and investigated. The event quickly moved beyond IT and became an operational crisis.
This is what modern cyber risk looks like in 2026.
Cybersecurity Incidents Are Business Continuity Events
When systems go dark, the impact is immediate:
- Operations slow or stop
- Revenue is interrupted
- Staff productivity drops
- Customer and patient trust is tested
UMMC activated downtime procedures — predefined manual workflows designed to keep services operating when technology fails. That decision likely reduced the overall impact.
As Dr. Christian Dameff, co-director of the Center for Healthcare Cybersecurity at UC San Diego, observed after the attack:
“We need to spend time and money trying to prevent these attacks. But we have to prepare for when we go down, because that is inevitable.”
This captures the core lesson for executives: prevention matters, but resilience determines outcomes.
“The goal is no longer preventing every intrusion — it’s ensuring the organization can keep operating when disruption occurs.”
Brian Jackson, CEO Abacus Technologies
Why Traditional Security Approaches Are Falling Behind
Many organizations still rely primarily on perimeter defenses — firewalls, VPNs, and endpoint tools.
Attackers have adapted.
Today, the most common path into environments is through identity compromise, not network intrusion. Identity-centric security focuses on protecting user accounts and credentials because those identities grant access to everything inside the organization.
Common entry points include:
- Stolen credentials
- Phishing or social engineering
- Excessive permissions
- Misconfigured cloud access
Attackers often do not “hack in.” They log in.
“Identity is the new perimeter. When identities are compromised, everything downstream is exposed.”
Jonathan Perz, Manager Information Security Abacus Technologies
A Quick Note on Session Tokens — and Why They Matter
One technical concept executives frequently hear but rarely see explained is the session token.
A session token is a digital credential that keeps a user logged in after authentication. If an attacker steals that token, they may gain access without needing a password or multi-factor authentication approval.
This is why organizations must look beyond passwords and monitor identity activity continuously.
The Threats Leaders Often Don’t See
Ransomware gets headlines because it is loud and disruptive.
Many cyber events are quieter.
Business Email Compromise (BEC), for example, involves attackers taking over trusted email accounts to redirect payments, alter invoices, or commit fraud — often without triggering alarms. The result is financial loss and reputational damage rather than visible downtime.
At the same time, organizations are rapidly adopting AI tools, sometimes faster than security oversight can mature.
AI governance means setting clear policies about how AI tools are used, what data they can access, and how associated risks are managed.
“AI increases productivity — but it also increases risk velocity. Governance has to evolve just as fast as adoption.”
Lauren Pankey, Manager of Technology Risk Abacus Technologies
What Prepared Organizations Do Differently
The UMMC incident reinforces a simple truth discussed in our 2026 cybersecurity webinar: mature organizations plan for disruption, not just defense.
Key priorities include:
Identity-Centric Security
- Conditional access policies (security rules that adapt based on login risk)
- Behavioral monitoring to detect unusual account activity
- Strong control over privileged accounts with elevated access
Limiting Persistence
- Reduce exposure to stolen session tokens
- Restrict third-party application permissions
- Regularly review cloud access and configurations
Operational Resilience
- Test incident response plans — not just document them
- Maintain offline, recoverable backups
- Define clear downtime procedures for critical operations
Visibility and Detection
- Centralized logging and monitoring
- Early detection of abnormal behavior
- Faster executive decision-making during incidents
AI Governance
- Establish acceptable-use policies
- Protect sensitive data exposure
- Review AI deployments through a security lens
The Leadership Question Has Changed
Cybersecurity is no longer just a technical discussion.
The real leadership question is:
How long can your organization continue operating if systems go offline tomorrow?
Healthcare exposes the consequences clearly, but the same risk exists across manufacturing, financial services, construction, and professional services. Every organization now depends on digital systems to function.
Final Takeaway
The UMMC cyberattack is not an isolated event. It is a signal.
Organizations that succeed in 2026 will not be those that avoid every attack — that expectation is unrealistic.
They will be the organizations that:
- Protect identity as their primary control layer
- Prepare operationally for downtime
- Govern AI adoption intentionally
- Treat cybersecurity as business resilience
Because when the network goes dark, preparation is the only true differentiator.
_____________________
Abacus Technologies, a member of the BMSS Family of Companies, helps organizations align cybersecurity with operational resilience through identity-centric security strategies, governance, and practical readiness planning.