The attack on Kettering Health, an Ohio network of hospitals, clinics, and medical facilities, was attributed to a ransomware group. Two weeks after being forced to shut down all of its computer systems due to a ransomware attack, the healthcare system is still recuperating.
In a post on its official dark web site, Interlock, a relatively new ransomware group that has been targeting U.S. healthcare businesses since September 2024, claimed to have stolen over 940 terabytes of data from Kettering Health.
On May 20, CNN initially revealed that Interlock was responsible for the Kettering Health hack. However, Interlock had not claimed credit in public at the time. Typically, that can indicate that the cybercriminals are threatening to reveal stolen data in an effort to demand a ransom from their victims. Now that Interlock has come forth, it may be a sign that the talks have failed.
Kettering Health’s senior vice president of emergency operations, John Weimer, previously told local media that the healthcare company had not paid the hackers a ransom.
When TechCrunch contacted Kettering Health spokesman Claire Myree on Wednesday, she declined to comment.
A request for comment addressed to an email address on Interlock’s dark web site was not answered.
According to a quick analysis of some of the files Interlock posted on its dark web site, the hackers were able to obtain a variety of data from Kettering Health’s internal network, including clinical summaries authored by physicians that include categories like mental status, medication, health concerns, and other patient data categories, as well as private health information like patient names and numbers. Employee information and shared disk contents are examples of additional stolen data.
Documents including background checks, polygraphs, and other private identifying information of Kettering Health Police Department officers are contained in one of the folders.
Kettering Health released an update on the hack on Monday, stating that it has successfully restored “key components” of its electronic health record system, which is supplied by healthcare software provider Epic. In order to “update and access electronic health records, facilitate communication across care teams, and coordinate patient care with greater speed and clarity,” the company described this as “a major milestone in our broader restoration efforts and a vital step toward returning to normal operations.”
Leave feedback about this