A ransomware group known as Interlock has taken responsibility for the recent cyberattack on Kettering Health, a network of hospitals and medical centers located in Ohio. The hack, which occurred two weeks ago, forced the healthcare provider to shut down all computer systems, causing significant disruptions to operations. Kettering Health is still in the recovery phase.
The group, which has a history of targeting healthcare organizations since its emergence in September 2024, reportedly stole over 940 gigabytes of sensitive data from Kettering Health. This information was disclosed in a post on Interlock’s official dark web site. CNN originally reported on May 20 that Interlock was behind the breach, but the group had not claimed responsibility at that time, presumably to negotiate a ransom.
Kettering Health’s senior vice president of emergency operations, John Weimer, previously stated to local media that the healthcare organization had not agreed to pay a ransom to the cybercriminals. As of Wednesday, representatives from Kettering Health have not provided additional comments regarding the situation. Interlock has also remained silent on requests for comment sent through email addresses listed on their dark web site.
An assessment of some files released by Interlock indicates the group gained access to various types of sensitive data from Kettering Health, including private health information such as patient names, clinical summaries, and other personal data. Disturbingly, one folder appeared to contain private identifying information of police officers affiliated with the Kettering Health Police Department.
On Monday, Kettering Health provided an update stating they had successfully restored key components of their electronic health record system, provided by Epic, marking a significant step in their recovery process. They emphasized that this would facilitate better communication and coordination of patient care moving forward.
TechCrunch reported further on the healthcare system’s continued struggles. The Interlock ransomware attacks on healthcare are documented in the HIPAA Journal. CNN also reported on this story here.