Kettering Health patients who had chemotherapy sessions and pre-surgery appointments canceled due to a ransomware attack in May now have to deal with the painful prospect that their personal info may have been leaked online.
Earlier today, ransomware gang Interlock dumped 941 GB of data purportedly belonging to the healthcare provider.
The stolen information appears to include ID cards, payment data, purchasing and financial reports, among a ton of other patient and staff details, and encompasses 732,490 files across 20,418 folders, according to the leak site.
The Register has not verified the data, and Kettering Health is not yet to confirm Interlock’s claims. It’s not known whether actual patient health data is among the purported leak. We will update this story when we hear back from the Ohio-based healthcare network.
Kettering Health operates 14 medical centers and more than 120 outpatient facilities across western Ohio, with over 1,800 physicians and providers in its network.
On May 20, the healthcare company disclosed a “system-wide technology outage” that “limited our ability to access certain patient care systems across the organization.”
While emergency rooms and clinics remained open, there were reports of ambulances being diverted to other hospitals and staff using paper charting for patient care. Kettering also canceled elective inpatient and outpatient procedures, which reportedly included cancer follow-up appointments and MRIs.
Kettering officials later that day confirmed a “cybersecurity incident resulting from unauthorized access to our network” had caused the IT system shutdown. A subsequent report from CNN, citing a ransom note reviewed at the scene, blamed Interlock ransomware for the intrusion, and said the note threatened to leak data unless the health network agreed to pay an extortion fee.
According to the healthcare org’s most recent update about the tech outage, the company had restored core components of its Epic electronic health record (EHR) system on June 2.
“This launch reestablishes Kettering Health’s ability to update and access electronic health records, facilitate communication across care teams, and coordinate patient care with greater speed and clarity,” the notice said.
“Progress continues in bringing back online in- and outbound calling to Kettering Health facilities and practices, as well as MyChart for patients,” it added.
So far this year alone, 26 ransomware attacks on US healthcare companies have been confirmed, and another 92 remain unconfirmed, according to Comparitech’s research.
The research organization also tracked 17 confirmed attacks of Interlock ransomware since October 2024, and another 22 that were claimed by the criminals but not acknowledged by the purported victims.
Interlock was allegedly behind the April ransomware infection of kidney dialysis firm DaVita, which also disrupted patient care and exposed 1.5TB of data. ®
