Article Details

Kettering Health hit by system-wide outage after ransomware attack. Kettering Health, a healthcare network that operates 14 medical centers in Ohio, was forced to cancel inpatient and outpatient procedures following a cyberattack that caused a system-wide technology outage. The nonprofit organization also manages emergency centers and over 120 outpatient facilities across western Ohio, and it employs over 15,000 people, including more than 1,800 physicians. In a statement published on its website, Kettering Health confirmed that a cybersecurity attack is behind an ongoing outage affecting the call center and some patient care systems. "Elective inpatient and outpatient procedures at Kettering Health facilities have been canceled for today, Tuesday, May 20. These procedures will be rescheduled for a later date and more information will be provided on this as updates are available. In addition, our call center is experiencing an outage and may not be accessible," the healthcare provider said. "At this time, only elective procedures are being rescheduled. Our emergency rooms and clinics are open and continuing to see patients." Kettering Health also confirmed reports that scammers impersonating Kettering Health employees call patients and request credit card payments for medical expenses. While these scam calls are yet to be linked to the attack, patients are advised to report them to law enforcement. "While it is customary for Kettering Health to contact patients by phone to discuss payment options for medical bills, out of an abundance of caution, we will not be making calls to ask for or receive payment over the phone until further notice," it added. Outage linked to Interlock ransomware attack While the health network has yet to reveal the nature of the attack and if any patient data was stolen during the incident, the resulting outage has all the signs of a ransomware attack. CNN also reported that the Interlock ransomware gang was likely behind the attack, with the group now threatening to leak information stolen from Kettering Health's systems if the organization doesn't want to negotiate a ransom payment. "Your network was compromised, and we have secured your most vital files," says a ransom note reportedly dropped on encrypted devices. Interlock has yet to claim a Kettering Health breach on its dark web data leak site, and no other ransomware operation has claimed responsibility either. Interlock is one of the newer ransomware operations, surfacing in September and claiming responsibility for over three dozen victims since then. Most recently, the ransomware gang claimed the breach of DaVita, a Fortune 500 kidney care provider with over 2,600 dialysis centers across the United States, and leaked 1.5 terabytes of data (nearly 700,000 files) allegedly stolen from the organization's systems. A Kettering Health spokesperson didn't share additional details regarding the incident when BleepingComputer asked for confirmation that the health network was the victim of a ransomware attack. Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.