Kettering Health Confirms Interlock Ransomware as the Cause of Cybersecurity Incident
Kettering Health, a prominent healthcare provider managing 14 medical facilities in Ohio, has confirmed that the Interlock ransomware group executed a cyberattack on its network, resulting in the theft of significant data in May.
This extensive network encompasses over 120 outpatient facilities and a workforce exceeding 15,000 employees, including more than 1,800 physicians.
In a statement issued last Thursday, Kettering Health reported that it has secured its network devices and is actively working to restore communication with patients, which was disrupted by the recent cyber incident. The organization stated, “The tools and persistence mechanisms employed by the third-party group have been eradicated, ensuring that all affected systems are secure. A comprehensive review of all systems has been completed by both external partners and our internal team, implementing all necessary security protocols such as network segmentation, enhanced monitoring, and updated access controls.”
Kettering Health reported the cyberattack on May 20. The attack caused a significant outage that left medical personnel without access to computerized charting systems, forcing care teams to revert to manual processes. It also affected the call center and certain patient care systems, resulting in canceled elective procedures. Nonetheless, the emergency rooms and clinics continued to operate normally.
As of Monday, the health network announced that it has restored access to its electronic health record (EHR) system and is in the process of bringing back the MyChart application for patients and the call center.
The Interlock ransomware group claimed responsibility for the attack earlier this week, asserting that they exfiltrated 941 GB of data, which includes over 20,000 folders and 732,489 documents that contain sensitive information.
The leaked data allegedly includes extensive patient information, medical and pharmacy documents, bank reports, payroll details, police personnel files, and scans of identity documents, such as passports.
Interlock is a relatively recent ransomware enterprise that emerged in September and has since claimed responsibility for numerous attacks on organizations globally, particularly within the healthcare sector.
This cybercriminal group has also been linked to ClickFix attacks, which involve masquerading as IT tools to gain initial access to the target networks. In various attacks, Interlock operators have deployed a previously unidentified remote access trojan (RAT) named NodeSnake, as demonstrated in incidents targeting universities in the United Kingdom earlier this year.
Recently, Interlock also announced the breach of DaVita, a Fortune 500 kidney care provider with over 2,600 dialysis centers throughout the United States, leaking approximately 1.5 terabytes of data allegedly obtained from the compromised systems.