Kettering Health, a network with dozens of medical and emergency centers in Ohio, is still working to recover and return to normal operations two weeks after a ransomware attack prompted “a system-wide technology outage.”
On Monday, Kettering Health said in an update that it had restored “core components” of its electronic health record system provided by Epic, which re-established the company’s “ability to update and access electronic health records, facilitate communication across care teams, and coordinate patient care.”
A patient who said they frequently rely on Kettering Health told TechCrunch that they and others cannot call into doctors’ offices, are having trouble getting medication refills, and some emergency rooms are closed.
“Everything is being done by hand pen and paper,” the patient said.
Contact Us
Do you have more information about Kettering Health’s ransomware incident? Or other ransomware attacks? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
Others say they are having to deal with these issues on local subreddits. In a post on the Dayton, Ohio, subreddit, for example, a patient said they were having trouble refilling medication, without which they risked having “a withdrawal seizure,” and couldn’t call their doctor because phone lines were down. Another person wrote over the weekend that “everything is still on paper, no computers and spotty phone service.”
“I’d avoid using Kettering right now if possible,” they wrote.
Another user said that “ambulances are still avoiding Kettering because they have to wait too long to dump patients due to paper charting and label making.”
Others said they had their MRIs, cancer followups, tests before open-heart surgery, and chemotherapy sessions cancelled.
Last week, Kettering Health’s senior vice president of emergency operations John Weimer told a local TV station that the healthcare company believed the incident was a ransomware attack, and that it had not paid a ransom.
“As soon as this was realized, we did shut down our IT infrastructure, which essentially means we shut off our door to the world,” Weimer told WLWT Cincinnati.
A spokesperson for Kettering Health did not respond to a series of questions from TechCrunch, including whether the hackers exfiltrated data, and if so, what kinds of data were taken.
“Your network was compromised, and we have secured your most vital files,” said the ransom note from the hackers, according to CNN. The news network reported that the attack was carried out by a gang called Interlock. The ransomware gang has not yet publicly taken credit for the cyberattack, suggesting the hackers may still be attempting to negotiate a ransom payment.
Kettering is the latest in a series of healthcare companies targeted by hackers, both with ransomware and other types of malware. In 2024, a ransomware attack on UnitedHealth-owned health tech company Change Healthcare became the worst healthcare breach in U.S. history. Change Healthcare confirmed in January 2025 that the breach impacted 190 million people across the United States.
Also last year, U.S. healthcare giant Ascension disclosed that hackers had stolen 5.6 million patient records in a ransomware attack. Healthcare news website HIPAA Journal called 2024 “an annus horribilis for healthcare data breaches,” with a record number of patients’ stolen data.
Kettering Health spokesperson Claire Myree acknowledged but did not respond to TechCrunch’s request for comment.
