Cyber Incident Victim: Kettering Health

On Tuesday morning, a cybersecurity incident began at Kettering Health after unauthorized access was detected. The incident caused a system-wide technology outage that limited workers’ ability to access certain patient care systems. As a result, elective inpatient and outpatient procedures at Kettering Health facilities were canceled for Tuesday and will be rescheduled. The hospital network’s call center was also down due to the attack. Despite the outage, all emergency rooms and clinics remained open and continued to see patients. A spokesperson stated that steps had been taken to contain and mitigate the activity and that the situation was being actively investigated and monitored.

Kettering Health noted that it has procedures in place to handle such cybersecurity situations. The spokesperson did not respond to questions about whether the incident involved a ransomware attack. CNN reported that a ransom note discovered by the hospital’s IT workers allegedly originated from the Interlock ransomware gang. The Interlock gang had previously been linked to an attack on the dialysis provider DaVita and to incidents at Texas Tech University Health Sciences Center and its El Paso counterpart. The spokesperson added that updates would be provided as appropriate.

Kettering Health operates 14 medical centers and dozens of clinics primarily in the Dayton area, managing nearly 400,000 emergency room visits in 2023. The article references a similar cyberattack that disrupted a large Maryland healthcare network in January. It also notes that Microsoft warned in March that hospitals would need to spend millions more to better protect critical systems necessary for patient care. These details provide context for the broader threat landscape facing healthcare organizations.