In this episode, we dive into the ransomware attack that struck Kettering Health, a major healthcare provider, and the evolving tactics of the Interlock ransomware group behind it. Interlock, active since late 2024, has adopted advanced techniques including double extortion, credential theft, and PowerShell-based backdoors to compromise healthcare systems. The attack on Kettering Health disrupted services and underscored the vulnerability of healthcare data to cybercriminals with professional-level operations.
We explore how ransomware groups like Interlock are no longer lone actors but sophisticated teams with their own reputations and operational playbooks. You’ll hear about common infection vectors such as phishing, exposed RDP ports, and MSP compromise—and why healthcare data, ranging from patient records to proprietary research, is among the most valuable on the black market.
This briefing also unpacks how healthcare providers can build layered defenses, including adoption of the NIST Cybersecurity Framework (CSF), segmented networks, offline backups, and least-privilege access. Finally, we discuss why authorities advise against paying ransoms, and how collaboration with CISA, MS-ISAC, and law enforcement is critical in recovery and prevention.
Tune in for a direct, tactical analysis of what happened, how it happened, and what your organization can do to stay protected.
