Healthcare giant Kettering Health, which manages 14 medical centers in Ohio, confirmed that the Interlock ransomware group breached its network and stole data in a May cyberattack.
Kettering Health operates over 120 outpatient facilities and employs over 15,000 people, including over 1,800 physicians.
The healthcare network noted in a Thursday statement that its network devices have been secured, and its team is now working on re-establishing communication channels with patients disrupted by the outage triggered by last month’s ransomware attack.
“The tools and persistence mechanisms used by the third-party group have been eradicated, and all affected systems have been secured,” it said. “A thorough review of all systems was conducted by external partners and our internal team, and all necessary security protocols, including network segmentation, enhanced monitoring, and updated access controls, are in place.”
Kettering Health disclosed a cyberattack on May 20, saying the resulting outage left medical staff without access to computerized charting systems and forced its care teams back to pen and paper. While the cyberattack also impacted its call center and some patient care systems, leading to canceled elective procedures, the health giant’s emergency rooms and clinics remained open.
On Monday, the health network said it restored access to its electronic health record (EHR) system and is working to bring the MyChart medical record application system for patients and call centers back online.
The Interlock ransomware gang claimed responsibility for the attack this week and published samples of allegedly stolen data, saying they exfiltrated 941 GB of files, including over 20,000 folders with 732,489 documents containing sensitive information.
The stolen information allegedly includes patients’ data, pharmacy and blood bank documents, bank reports, payroll information, Kettering Health police personnel files, and scans of identity documents, including passports.
Interlock is a relatively new ransomware operation that emerged in September and has taken responsibility for numerous attacks on victims worldwide, many of whom were against healthcare organizations.
This cybercrime gang has also been associated with ClickFix attacks, which involved impersonating IT tools to gain initial access to their targets’ networks. Interlock operators have also deployed a previously unknown remote access trojan (RAT) named NodeSnake in attacks against U.K. universities earlier this year.
Most recently, Interlock claimed the breach of DaVita, a Fortune 500 kidney care provider operating over 2,600 dialysis centers across the United States, leaking 1.5 terabytes of data allegedly stolen from the victim’s compromised systems.
Patching used to mean complex scripts, long hours, and endless fire drills. Not anymore.
In this new guide, Tines breaks down how modern IT orgs are leveling up with automation. Patch faster, reduce overhead, and focus on strategic work — no complex scripts required.
