Kettering Health Cyber-Attack Causes Service Disruption
Kettering Health, a prominent healthcare provider in western Ohio, is currently managing the repercussions of a system-wide outage caused by a recent cyber-attack. The incident has severely disrupted internal systems, leading to the cancellation of elective inpatient and outpatient procedures across its network of 14 hospitals and over 120 facilities.
As of May 22, while emergency services are still operational, patients are experiencing challenges in connecting with the call center. The organization has confirmed that the interruption results from unauthorized access to its systems, and an active investigation is currently in progress.
Cybersecurity firm PRODAFT has linked the attack to a threat actor identified as Nefarious Mantis, a member of the Interlock cluster. This group is recognized for preying on US healthcare organizations, often deploying ransomware following a period of reconnaissance within targeted networks.
In a statement, Kettering Health acknowledged the cancellation of elective procedures, indicating that rescheduling will occur as updates regarding the situation are made available.
Alongside the operational challenges, Kettering Health patients have reportedly received fraudulent calls soliciting credit card payments. Although the connection between these calls and the cyber-attack remains unclear, the organization has temporarily suspended all billing-related communication.
Trey Ford, Chief Information Security Officer at Bugcrowd, expressed concern regarding the implications of such fraudulent activities, stating that the presence of scammers attempting to exploit individuals post-attack raises significant alarms about “dwell time”—the length of time an attacker remains undetected within a network. He described the situation as a troubling evolution of double-extortion ransomware tactics.
Community Response and Ongoing Recovery
Kettering Health is undertaking a methodical evaluation of its procedures, adapting responses as necessary. First responders have been instructed to redirect patients accordingly. In light of the ongoing disruption, regional hospitals, along with public health agencies, are coordinating efforts to ensure the continuity of care.
Ford commended Kettering Health’s decision-making, noting that prioritizing acute care by canceling elective and outpatient procedures is the appropriate course of action. Patients are advised to exercise vigilance regarding unsolicited communications.
It is imperative that individuals do not make payments or divulge sensitive information in response to inbound calls. Darren Guccione, CEO of Keeper Security, highlighted the increased risks of identity theft, medical fraud, and targeted phishing attacks following the breach of personal, medical, and financial information. Guccione cautioned that while immediate misuse may not be evident, compromised data could surface later, extending risks for both individuals and organizations. Those affected should consistently monitor financial accounts, medical records, and healthcare statements for any signs of unusual activity.
Kettering Health has reiterated that it will not initiate contact with patients regarding payment until further notice.