A ransomware attack on Kettering Health in Ohio has triggered a large-scale disruption across its medical network, affecting patient care and sparking concerns over healthcare cybersecurity resilience.
Kettering Health Discloses Network Outage Caused by Ransomware Attack
Earlier this week, Kettering Health, a major nonprofit healthcare provider in Western Ohio, confirmed a “system-wide technology outage” caused by a ransomware attack. The breach impacted more than 120 locations, including nine hospitals and over 100 outpatient facilities.
In a public update, Kettering Health said threat actors gained unauthorized access to its systems, limiting access to critical patient care platforms. The healthcare group stated that containment efforts are ongoing, and an investigation is underway.
“We understand that this situation can be extremely stressful for our patients and their families. However, we would like to assure that we have procedures and plans in place for these types of situations,” Kettering posted.
Thousands of Procedures Delayed as Call Centers and Scheduling Systems Go Dark
Following the breach, elective procedures were paused, and call centers became inoperable, leaving patients without clear communication on rescheduling, prescription access, or surgery updates.
The outage affected cancer treatments, surgeries, and other essential services. Many patients turned to social media to express frustration.
“Everything is old school now with paper forms being filled out by doctors and staff alike,” one cancer patient shared after their appointment.
“Can we get an idea which offices are open or not considering phones are down?” another wrote.
“Maybe someone’s going to lose their life because of their inadequate planning,” said one patient, criticizing the response effort.
Despite dozens of public inquiries, Kettering Health has not provided direct responses on social media. However, it announced on its website that patients with impacted procedures would be contacted by phone, and that surgical decisions are being made on a case-by-case basis.
Interlock Ransomware Group Claims Responsibility
The Interlock ransomware group is believed to be behind the attack. CNN reviewed a ransom note allegedly left by the gang, which stated:
“Your network was compromised, and we have secured your most vital files.”
The note threatened to leak sensitive data unless a ransom was paid. Although Interlock operates a dark web leak site known as the Worldwide Secrets Blog, Kettering Health was not listed, suggesting possible ongoing negotiations.
Patient Safety and Healthcare Infrastructure Vulnerabilities Under Scrutiny
Cybersecurity experts say the Kettering breach highlights systemic weaknesses in healthcare networks.
“These attacks do more than just breach networks; they directly compromise care delivery and patient safety,” said Joshua Roback, Principal Security Solution Architect at Swimlane.
“Cybersecurity in healthcare can’t remain a siloed IT issue. It must be embedded into the core of the patient care strategy, with resilience, not recovery, as the standard.”
Kettering Health serves approximately 1.5 million patients annually, with 14 medical centers, including top-ranked hospitals in cancer, heart, maternity, and neurosurgery care. In 2023, the nonprofit reported $34.1 million in annual revenue, according to ProPublica.
Surge in Scam Calls Targets Kettering Patients Amid Outage
In the aftermath of the attack, Kettering Health warned of scam calls targeting patients, with fraudsters posing as Kettering staff and requesting credit card information for medical expenses.
“It has not been established that these scam calls are connected to the system-wide technology outage,” Kettering clarified, but added:
“Out of an abundance of caution, we will not be making calls to ask for or receive payment over the phone until further notice.”
Patients are urged to report any suspicious calls to local law enforcement.
