Cyber Incident Victim: Kettering Health
Date:
Feb 2021
Location:
United States of America
Summary
Scammers impersonated a healthcare organization by creating a fraudulent COVID-19 vaccine registration website soliciting users' personal information, bank account details, and full Social Security numbers. The legitimate entity clarified that while it collects names, addresses, birthdates, and occasionally the last four digits of Social Security numbers for identity verification, it never requests complete Social Security numbers, financial data, credit card payments, or fees for vaccine access. The organization actively worked to remove the fraudulent site to prevent further exploitation of individuals seeking vaccinations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In February 2021, Kettering Health Network, an Ohio-based healthcare system, faced a cybersecurity incident involving fraudulent actors impersonating the organization through a fake COVID-19 vaccine registration website. The imposter site, active around February 18, 2021, falsely advertised vaccine access in exchange for users’ sensitive personal and financial information. Specifically, the fraudulent platform requested individuals to submit their full Social Security numbers, bank account details, and other personal identifiers under the guise of scheduling vaccinations. This phishing scheme exploited public urgency surrounding vaccine availability during the pandemic, potentially exposing victims to identity theft and financial fraud. Kettering Health Network publicly confirmed the scam’s existence on February 19, 2021, warning patients that the fake site was not affiliated with their legitimate operations. The health system emphasized that its authentic vaccine registration process never required such extensive sensitive data, distinguishing it from the fraudulent activity.
Kettering Health Network responded by issuing clear guidance to help patients identify legitimate communications. Jody Underwood, Executive Director of Population Health at Kettering Physician Network, explicitly stated that the organization would never request full Social Security numbers, bank information, credit card payments, or early access fees during vaccine scheduling. The health system clarified that its valid registration process only required basic details like names, addresses, and dates of birth for eligibility verification, occasionally asking for the last four digits of Social Security numbers for identity confirmation. Concurrently, Kettering initiated efforts to have the fraudulent website taken down, though the article did not specify the timeline or success of these takedown actions. The incident highlighted risks associated with pandemic-related cyber scams targeting healthcare organizations and their patients, with Kettering’s public statements serving to mitigate potential reputational harm and patient distrust by transparently delineating authentic practices from fraudulent ones.