Kettering Health reported an apparent ransomware attack May 20 that caused a systemwide outage in its western Ohio facilities. The hospital system canceled elective inpatient and outpatient procedures, and instead focused on acute care.Although Kettering did not specify ransomware in its news update, it admitted to experiencing a “cybersecurity incident” caused by unauthorized access to its network.CNN reported that the ransomware group Interlock sent Kettering Health a ransom note claiming that it secured most of the hospital’s vital files.Kettering, which operates 14 medical centers and more than 120 outpatient locations, has not confirmed CNN’s report, adding that its call center experienced an outage and may not be accessible. The hospital group said that only elective procedures are being rescheduled until further notice and that its emergency room and clinics are open.The hospital group also confirmed reports that scam calls were made from people claiming to be Kettering Health team members requesting credit card payments for medical expenses, though they could not confirm if the calls were connected to the recent cybersecurity incident.“While it is customary for Kettering Health to contact patients by phone to discuss payment options for medical bills, out of an abundance of caution, we will not be making calls to ask for or receive payment over the phone until further notice,” said the Kettering update.Trey Ford, chief information security officer at Bugcrowd, commended Kettering Health for making direct and responsive updates on its website.“They’re answering what the public needs to know right now, and doing it quickly,” said Ford. “Cancelling outpatient and elective procedures to prioritize acute care and protecting life-support missions is absolutely the right move. The fact that miscreants captured targets for fraudulent outbound collections calls makes me wonder about dwell time.”With personal, medical, and financial information now compromised, the risk for identity theft, medical fraud and targeted phishing attacks remains high, pointed out Darren Guccione, co-founder and CEO at Keeper Security.“While there may not be immediate signs of misuse, the stolen data could surface down the road, prolonging risks for both individuals and organizations,” said Guccione. “To protect against these threats, individuals should regularly monitor their financial accounts, medical records and healthcare statements for any signs of suspicious activity.”
