Ransomware Attack Plagues Kettering Health, Exposing Data and Disrupting Care

Kettering Health, a major healthcare network in Ohio, has been grappling with significant disruption for weeks following a ransomware attack. The cyberattack led to a system-wide technology outage, severely impacting patient care, communication, and administrative operations. The incident has exposed sensitive patient and employee data, with a ransomware group claiming responsibility.

Ransomware Attack Cripples Kettering Health Operations

Kettering Health experienced a ransomware attack that caused a system-wide technology outage, leading to widespread disruption across its dozens of medical and emergency centers in Ohio. For weeks, the healthcare provider struggled to restore normal operations, with many services being performed manually.

Impact on Patient Care and Operations

The ransomware attack had a profound impact on patient care and daily operations:

• Electronic Health Records: While core components of the Epic electronic health record system have been restored, allowing for some access and updates, the initial outage severely hampered patient data management.
• Communication Issues: Patients reported being unable to call doctors' offices, and phone services were spotty.
• Medication Refills: Many patients faced difficulties in refilling prescriptions, with some expressing concerns about potential health risks.
• Emergency Services: Some emergency rooms were closed, and ambulances reportedly avoided Kettering facilities due to long wait times caused by manual charting.
• Canceled Appointments: Patients experienced cancellations of critical appointments, including MRIs, cancer follow-ups, pre-surgery tests, and chemotherapy sessions.
• Manual Operations: Much of the work was reverted to "pen and paper," indicating a significant step backward in operational efficiency.

Data Breach and Ransomware Group Claims

The ransomware group, identified as Interlock, has claimed responsibility for the attack and stated they stole over 940 gigabytes of data from Kettering Health. This stolen data reportedly includes:

• Patient names and numbers
• Clinical summaries with sensitive health information (mental status, medications, health concerns)
• Employee data
• Contents of shared drives
• Private identifying information of police officers from the Kettering Health Police Department, including background files and polygraphs.

Kettering Health's senior vice president of emergency operations, John Weimer, confirmed that the organization did not pay the ransom. The public claim by Interlock suggests that negotiations for a ransom payment were unsuccessful.

Key Takeaways

• Kettering Health suffered a ransomware attack leading to weeks of operational disruption.
• The attack severely impacted patient care, communication, and administrative functions.
• The ransomware group Interlock claimed responsibility and exfiltrated over 940 GB of sensitive data, including patient and employee information.
• Kettering Health did not pay the ransom.

Broader Context of Healthcare Cyberattacks

This incident is part of a growing trend of cyberattacks targeting the healthcare sector. In 2024, the healthcare industry experienced a record number of data breaches, with notable incidents including the attack on Change Healthcare, which impacted 190 million people, and the breach at Ascension, affecting 5.6 million patient records. These attacks highlight the vulnerability of healthcare systems to cyber threats and the critical need for robust cybersecurity measures to protect sensitive patient data and ensure continuity of care.

Sources

• Health giant Kettering still facing disruption weeks after ransomware attack, TechCrunch.
• Ransomware gang claims responsibility for Kettering Health hack, TechCrunch.