Original Article Text


Kettering Health confirms Interlock ransomware behind cyberattack

Healthcare giant Kettering Health, which manages 14 medical centers in Ohio, confirmed that the Interlock ransomware group breached its network and stole data in a May cyberattack. Kettering Health operates over 120 outpatient facilities and employs over 15,000 people, including over 1,800 physicians.

The healthcare network noted in a Thursday statement that its network devices have been secured, and its team is now working on re-establishing communication channels with patients disrupted by the outage triggered by last month's ransomware attack.

"The tools and persistence mechanisms used by the third-party group have been eradicated, and all affected systems have been secured," it said. "A thorough review of all systems was conducted by external partners and our internal team, and all necessary security protocols, including network segmentation, enhanced monitoring, and updated access controls, are in place."

Kettering Health disclosed a cyberattack on May 20, saying the resulting outage left medical staff without access to computerized charting systems and forced its care teams back to pen and paper. While the cyberattack also impacted its call center and some patient care systems, leading to canceled elective procedures, the health giant's emergency rooms and clinics remained open.

On Monday, the health network said it restored access to its electronic health record (EHR) system and is working to bring the MyChart medical record application system for patients and call centers back online.

The Interlock ransomware gang claimed responsibility for the attack this week and published samples of allegedly stolen data, saying they exfiltrated 941 GB of files, including over 20,000 folders with 732,489 documents containing sensitive information.
The stolen information allegedly includes patients' data, pharmacy and blood bank documents, bank reports, payroll information, Kettering Health police personnel files, and scans of identity documents, including passports.

Interlock is a relatively new ransomware operation that emerged in September and has taken responsibility for numerous attacks on victims worldwide, many of them against healthcare organizations. This cybercrime gang has also been associated with ClickFix attacks, which involved impersonating IT tools to gain initial access to their targets' networks.

Interlock operators have also deployed a previously unknown remote access trojan (RAT) named NodeSnake in attacks against U.K. universities earlier this year.

Most recently, Interlock claimed the breach of DaVita, a Fortune 500 kidney care provider operating over 2,600 dialysis centers across the United States, leaking 1.5 terabytes of data allegedly stolen from the victim's compromised systems.

Daily Brief Summary

CYBERCRIME // Kettering Health Confirms Ransomware Attack, Data Theft

Kettering Health, a major Ohio healthcare provider, was targeted by the Interlock ransomware group, resulting in a significant breach and data theft.

The cyberattack occurred in May, impacting several services including outpatient facilities, and forced Kettering Health to revert to manual documentation methods.

The ransomware disabled Kettering Health’s electronic medical record systems and disrupted patient communication channels, although emergency rooms remained operational.

The attackers claimed to have stolen 941 GB of sensitive data including patient information, employee records, payroll details, and police personnel files.

Kettering Health has since restored access to its electronic health records and is in the process of bringing other systems back online.

Enhanced security measures including network segmentation, improved monitoring, and revised access controls have been implemented to fortify the network.

The Interlock ransomware group, involved in multiple global attacks, particularly against healthcare entities, has used sophisticated tools such as the NodeSnake RAT in its operations.