A ransomware gang claimed responsibility for the hack on Kettering Health, a network of hospitals, clinics, and medical centers in Ohio. The healthcare system is still recovering two weeks after the ransomware attack forced it to shut down all its computer systems.
Interlock, a relatively new ransomware group that has targeted healthcare organizations in the U.S. since September 2024, published a post on its official dark web site, claiming to have stolen more than 940 gigabytes of data from Kettering Health.
CNN first reported on May 20 that Interlock was behind the breach on Kettering Health. At the time, however, Interlock had not publicly taken credit. Usually, that can mean the cybercriminals are attempting to extort a ransom from their victims, threatening to release stolen data. The fact that Interlock has now come forward could indicate that the negotiations have gone nowhere.
Contact Us
Do you have more information about Kettering Health’s ransomware incident? Or other ransomware attacks? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
Kettering Health’s senior vice president of emergency operations, John Weimer, previously told local media that the healthcare company had not paid the hackers a ransom.
TK, a spokesperson for Kettering Health, did not provide comment when reached by TechCrunch on Wednesday.
Interlock did not respond to a request for comment sent to an email address listed on its dark web site.
A brief review of some of the files Interlock published on its dark web site appears to show the hackers were able to steal an array of data from Kettering Health’s internal network, including private health information, such as patient names, patient numbers, and clinical summaries written by doctors, which include categories such as mental status, medications, health concerns, and other categories of patient data. Other stolen data includes employee data and the contents of shared drives.
One of the folders contains documents, such as background files, polygraphs, and other private identifying information of police officers with Kettering Health Police Department.
On Monday, Kettering Health published an update on the cyberattack, saying the company was able to restore “core components” of its electronic health record system, which is provided by Epic, a healthcare software company. The company said this was “a major milestone in our broader restoration efforts and a vital step toward returning to normal operations” that allows it to “to update and access electronic health records, facilitate communication across care teams, and coordinate patient care with greater speed and clarity.”
