Interlock Ransomware Gang Claims Cyberattack on Kettering Health Healthcare Network
The Interlock ransomware group has claimed responsibility for a recent cyberattack on Kettering Health, a prominent nonprofit healthcare network in western Ohio. Employing over 15,000 staff members, including more than 1,800 physicians, Kettering Health operates 14 medical centers and over 120 outpatient facilities.
The organization disclosed that on May 20, a cyberattack disrupted its operations, causing an outage that affected the call center and critical patient care systems. As a result, staff lost access to computerized charting systems, forcing a temporary reversion to manual, paper-based processes. The disruption led to the cancellation of elective inpatient and outpatient procedures, though emergency rooms and clinics remained operational and continued to see patients.
Kettering Health has since restored access to its electronic health record (EHR) system, while efforts continue to reinstate the MyChart patient portal and call center phone systems. In the interim, the network has provided a temporary phone line staffed by registered nurses to assist patients with urgent clinical questions.
Although Kettering Health has not publicly attributed the breach to any specific threat actor, Interlock has claimed responsibility for the attack and published samples of the stolen data. The ransomware gang asserts it exfiltrated approximately 941 GB of data, comprising over 20,000 folders and 732,489 documents containing sensitive information. This includes bank reports, payroll records, patient data, pharmacy and blood bank documents, internal police personnel files, and scanned identity documents such as passports.
Interlock is a relatively new ransomware operation that emerged in September 2024 and has rapidly gained notoriety for targeting healthcare organizations globally. The group has been linked to sophisticated tactics including ClickFix attacks where IT tools are impersonated to gain initial network access, and the deployment of a previously unknown remote access trojan (RAT) named , which was used in attacks against UK universities earlier this year.
Recently, Interlock also claimed responsibility for breaching DaVita, a Fortune 500 kidney care provider with more than 2,600 dialysis centers across the United States, leaking 1.5 terabytes of stolen data.
Kettering Health declined to provide further comments following the incident.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
