DAYTON, Ohio (WDTN) – A hacker group was allegedly behind the theft of nearly a terabyte of data — comprising more than 730,000 files with patient information — in last month’s cyberattack targeting Kettering Health.
The hacker group, Interlock Ransomware Group, has posted the information to its data leak site on the deep web, according to Rebecca Moody at CompariTech, a U.K.-based research company that specializes in cybersecurity breaches.
Interlock is a relatively new group, having only formed in October 2024. It currently has 26 confirmed attacks on American healthcare companies.
Kettering Health has released a statement on its technology outage and recovery progress following the attack.
The hospital said it has reason to believe the incident was launched by the ransomware group Interlock.
“This [incident] prompted an immediate and comprehensive response to ensure the security of our systems and the integrity of our data,” wrote Kettering Health, which did not confirm the number of stolen patient files.
What Kettering Health is doing to increase cybersecurity
Kettering Health has had a four-step response to the attack.
Firstly, the hospital said it has completely removed the threat, and all affected systems have been secured. All tools and persistence mechanisms used by the third-party group have been removed.
Secondly, external partners and the hospital’s IT team conducted a thorough review of all systems and all necessary security protocols. This will enhance security going forward.
Thirdly, a review of system vulnerability was conducted, and all updates and patches are in place.
Lastly, the hospital said it is confident its cybersecurity framework and employee security training will mitigate future risks, and its network-connected devices are secure.
“Our primary focus has shifted to ensuring that patients can reliably communicate, schedule, and receive all types of care from Kettering Health,” wrote Kettering Health.
