Kettering Health Experiences System-Wide Disruption Following Ransomware Incident

Kettering Health, a prominent healthcare network in Ohio operating 14 medical centers, has experienced a significant disruption due to a cyberattack that resulted in a system-wide technology outage. This incident has compelled the organization to cancel numerous inpatient and outpatient procedures.

The nonprofit healthcare provider, which manages multiple emergency centers and over 120 outpatient facilities, employs more than 15,000 staff members, including 1,800 physicians. In an official statement posted on its website, Kettering Health acknowledged that a cybersecurity incident was responsible for an ongoing outage impacting their call center and various patient care systems.

The statement indicated, “Elective inpatient and outpatient procedures at Kettering Health facilities have been canceled for today, Tuesday, May 20. These procedures will be rescheduled for a later date, and more information will be provided as updates become available. Additionally, our call center is currently experiencing an outage and may not be accessible.”

The organization clarified that at present, only elective procedures will be rescheduled and assured that emergency rooms and clinics remain operational, continuing to see patients.

Reports have emerged regarding scammers impersonating Kettering Health employees, contacting patients to solicit credit card payments for medical expenses. Although these scam calls have yet to be definitively linked to the cyberattack, patients are advised to report such incidents to law enforcement.

Kettering Health further stated, “While it is customary for Kettering Health to reach out to patients by phone to discuss payment options for medical bills, we will refrain from making calls to ask for or receive payments over the phone until further notice.”

Outage Linked to Interlock Ransomware Attack

While details surrounding the nature of the attack remain unconfirmed, indications suggest that the incident aligns with typical ransomware attack behavior. Reports have surfaced suggesting that the Interlock ransomware group is potentially behind this cyber threat, with the gang threatening to leak sensitive information obtained from Kettering Health’s systems unless a ransom is negotiated.

A ransom note purportedly left on encrypted devices stated, “Your network was compromised, and we have secured your most vital files.” As of the latest updates, Interlock has not yet claimed responsibility for a breach related to Kettering Health on their dark web data leak site, nor has any other ransomware group stepped forward to accept culpability for the attack.

Interlock is a relatively new player in the ransomware landscape, having emerged in September and reportedly claiming responsibility for more than thirty incidents since its inception. Recently, this group claimed a breach involving DaVita, a Fortune 500 provider of kidney care services, leaking approximately 1.5 terabytes of data comprising nearly 700,000 files.

A spokesperson for Kettering Health did not provide additional comments regarding the specifics of the situation when inquiries were made about the potential ransomware attack.