Kettering Health Blames Interlock Ransomware for Cyberattack

Summary
– Kettering Health, an Ohio-based healthcare network, confirmed a May ransomware attack by the Interlock group, which stole sensitive data.
– The attack disrupted patient communication systems and forced staff to use manual processes, though emergency services remained operational.
– Kettering Health has secured its systems, restored EHR access, and is working to bring patient portals and call centers back online.
– Interlock leaked 941 GB of stolen data, including patient records, financial documents, and identity scans, claiming responsibility for the breach.
– Interlock is a new ransomware group targeting healthcare organizations, also linked to recent attacks on DaVita and U.K. universities.
Kettering Health, a major Ohio-based healthcare provider operating 14 medical centers and over 120 outpatient facilities, has confirmed that the Interlock ransomware group was behind a cyberattack in May that compromised sensitive data. The breach affected critical systems, forcing staff to revert to manual processes while disrupting patient communications.
The organization, which employs more than 15,000 workers, including nearly 2,000 physicians, stated that all compromised systems have since been secured. External cybersecurity experts and internal teams conducted extensive reviews, implementing enhanced security measures such as network segmentation, stricter access controls, and continuous monitoring. Despite the attack, emergency services remained operational, though elective procedures were temporarily canceled.
By this week, Kettering restored access to its electronic health records (EHR) system and is working to fully reinstate its MyChart patient portal and call center operations. Meanwhile, Interlock publicly claimed responsibility, leaking samples of stolen data totaling 941 GB, including sensitive patient records, financial documents, and employee files. The exposed information reportedly spans pharmacy records, blood bank details, payroll data, and even scanned passports.
Interlock, a relatively new ransomware operation active since September, has targeted multiple organizations globally, with healthcare providers being a frequent focus. The group has ties to ClickFix attacks, where attackers pose as IT support to infiltrate networks, and has deployed custom malware like NodeSnake, a remote access trojan used in prior breaches.
This incident follows Interlock’s recent claim of breaching DaVita, a leading kidney care provider, where 1.5 terabytes of data were allegedly exfiltrated. The repeated targeting of healthcare institutions underscores the growing threat posed by ransomware groups to critical infrastructure and patient privacy.
Kettering has not yet confirmed the full extent of the data exposure but assures patients that remediation efforts are ongoing. The attack highlights the urgent need for robust cybersecurity defenses in the healthcare sector, where disruptions can have life-or-death consequences.
(Source: BLEEPING COMPUTER)