KETTERING, Ohio — A sweeping ransomware attack has forced a system-wide technology shutdown at Kettering Health, a major western Ohio healthcare network, disrupting care for thousands and leading to the cancellation of all elective procedures across its 14 medical centers.
The cyberattack struck early Tuesday, bringing down critical IT systems at the nonprofit medical network, which employs more than 1,800 doctors and serves a significant portion of Ohio communities. Without access to electronic medical records and scheduling systems, Kettering Health officials canceled all scheduled inpatient and outpatient procedures for the day.
Despite the disruption, all medical centers remained open, and emergency rooms were still seeing patients. Healthcare staff activated established downtime protocols, reverting to pen and paper to track patient information and maintain essential operations while IT specialists investigate the breach and work to restore systems.
Ransomware Group Interlock Claims Responsibility for Kettering Health Attack
According to a CNN report, the attack is attributed to the Interlock ransomware group, an organization notorious for “double extortion” tactics targeting healthcare providers. Interlock is known for breaching company networks, exfiltrating sensitive data, and deploying ransomware to encrypt critical files. Victims are often threatened with publication of stolen information on the group’s dark web leak site unless a ransom is paid.
A ransom note left for Kettering Health reportedly stated, “Your network was compromised, and we have secured your most vital files,” further threatening to leak data allegedly stolen from the network if extortion negotiations did not begin.
Adam Dyer, an information security analyst from Cedarville University, explained to Dayton247Now how such attacks commonly occur.
“Normally, it’s just as simple as credential theft, when a hacker acquires the username and password of someone who already logs into the network,” Dyer said.
He emphasized that even one stolen password can enable hackers to compromise a system’s security and pose a grave risk to sensitive patient data. Dyer added that while Kettering Health has not confirmed the exact method of attack, it is plausible the perpetrators exploited a single compromised password to gain broader network access.
Kettering Health is still in the early stages of its investigation and has not confirmed the extent of any patient data theft. The organization confirmed that a cyberattack caused the outage, although it has not publicly acknowledged the attack as ransomware.
Shortly after the incident became public, Kettering Health warned the community about scam calls, cautioning patients and staff to remain vigilant.
Tuesday’s attack is the latest in a rising wave of assaults on healthcare providers, with threat actors increasingly targeting critical medical and patient data. The disruption highlights the ongoing vulnerability of healthcare IT systems and the pressing need for advanced cybersecurity defenses.