A ransomware gang claims the Kettering Health hack, exposing patient data and highlighting the growing cybersecurity threat to hospital systems
The hack of Kettering Health, a network of hospitals, clinics, and medical facilities in Ohio, was attributed to a ransomware gang. After being compelled to close down all of its computer systems in response to the ransomware attack, the healthcare system is recovering two weeks later.
Interlock, a ransomware group targeting healthcare organizations in the United States since September 2024, published a post on its official dark website. The post claimed that the group had stolen over 940 gigabytes of data from Kettering Health.
CNN initially disclosed the breach on Kettering Health on May 20. Interlock was the alleged perpetrator. Nevertheless, Interlock had not publicly acknowledged the achievement at that time.
Typically, this indicates that the cybercriminals are attempting to extract a ransom from their victims by threatening to disclose stolen data. The fact that Interlock has come forward may suggest that the negotiations have not progressed.
John Weimer, Kettering Health’s senior vice president of emergency operations, previously informed local media that the healthcare company had not paid the hackers a ransom.
Interlock did not respond to a comment request sent to an email address on its dark website.
The hackers were able to steal an array of data from Kettering Health’s internal network, including private health information, such as patient names, patient numbers, and clinical summaries written by doctors.
These summaries include categories such as mental status, medications, health concerns, and other categories of patient data, as evidenced by a brief review of some of the files Interlock published on its dark website. Employee data and the contents of shared drives are among the other stolen data.
Documents, including background files, polygraphs, and other private identifying information of police officers with the Kettering Health Police Department, are contained in one of the containers.
Kettering Health issued an update on the cyberattack on Monday, stating that it had successfully restored “core components” of its electronic health record system, which Epic, a healthcare software company, supplies.
The company declared this “a significant milestone in our broader restoration efforts and a critical step toward the return to normal operations.” This enables the company to “update and access electronic health records, facilitate communication across care teams, and coordinate patient care with greater speed and clarity.”
