Ransomware attack disrupts Kettering Health Network in Ohio

Kettering Health, a hospital network operating in Ohio, is reporting a significant cybersecurity incident that has resulted in a system-wide technology outage. The attack began on Tuesday morning, May 20, 202t. It's a ransomware attack associated with a group known as Interlock.

The incident has severely impacted the healthcare provider's operations across its 14 medical centers and more than 120 outpatient facilities. It has compromised critical systems, limiting clinicians' ability to access patient care systems and electronic health records. Staff are reverting to manual processes for documentation to maintain patient care.

The organization's call center is also experiencing an outage and may be inaccessible to patients seeking information or assistance. 

Kettering Health has canceled all elective inpatient and outpatient procedures scheduled for Tuesday, and will reschedule these appointments at a later date. All emergency rooms and clinics remain open and continue to see patients.

Kettering Health is diverting ambulances from local fire departments to other facilities. This has prompted Premier Health, another hospital system in the Miami Valley region of southwest Ohio, to declare a "code yellow" in anticipation of a significant increase in patient volumes due to diverted patients.

Update - Kettering reports scam calls since the outage that claim to be representatives of the hospital network requesting credit card payments for medical expenses. Kettering said that it is customary for employees to contact patients to discuss payment options, but all calls have been canceled until further notice due to the scam.

As of 4th of June 2025, Interlock dumped 941 GB of data purportedly belonging to Kettering. The stolen information encompasses 732,490 files across 20,418 folders and appears to include: 

• ID cards,
• payment data,
• purchasing and financial reports,
• other patient and staff details

The dumped data has not been independently verified.

Update - As of 28th of July 2025, Kettering Health confirmed the attack and breach. They said the compromised data may have included:

• names,
• dates of birth,
• Social Security numbers,
• driver’s license numbers,
• diagnoses,
• treatments,
• financial account information. 

The health system will notify affected patients on a rolling basis.

The types of stolen data and number of affected individuals has not been disclosed. The attackers are threatening to leak data allegedly stolen from Kettering Health unless the organization negotiates an extortion fee.