In May 2025, Kettering Health, a prominent healthcare network operating 14 medical centers and over 120 outpatient facilities in Ohio, experienced a significant cyberattack attributed to the Interlock ransomware group. The attack resulted in system-wide outages, data breaches, and operational disruptions, including canceled procedures and communication challenges. In response, Kettering Health initiated a comprehensive recovery plan, restoring critical systems and enhancing security protocols to safeguard against future incidents.
The Cyberattack Unfolds
On May 20, 2025, Kettering Health reported a system-wide technology outage affecting its call center and patient care systems. The organization canceled all elective inpatient and outpatient procedures for that day, rescheduling them for later dates. Emergency rooms and clinics remained operational, continuing to provide patient care. The outage also impacted the MyChart patient portal and phone lines, leading to communication challenges for patients and staff. (ketteringhealth.org)
Keep your data secure with TrueNASs self-healing and high-availability technology.
The Interlock ransomware group, known for targeting healthcare organizations, claimed responsibility for the attack. They alleged to have exfiltrated approximately 941 GB of data, including over 20,000 folders containing 732,489 documents with sensitive information such as patient data, pharmacy and blood bank documents, bank reports, payroll information, and scans of identity documents. (bleepingcomputer.com)
Kettering Health’s Response and Recovery Efforts
Upon detecting the cyberattack, Kettering Health activated its incident response plan, engaging internal cybersecurity teams and external forensic specialists to contain the threat. The organization implemented network isolation protocols to prevent the ransomware from spreading across its systems. Over 200 staff members, including Kettering Health Information Systems team members, clinical staff, and Epic partners, worked collaboratively to restore critical systems. By June 2, 2025, Kettering Health successfully launched the core components of its Epic electronic health record (EHR) system, reestablishing the ability to update and access electronic health records, facilitate communication across care teams, and coordinate patient care. (gbhackers.com)
The organization also enhanced its security protocols, including network segmentation, enhanced monitoring, and updated access controls, to prevent future attacks. Kettering Health expressed confidence in its updated cybersecurity framework and employee security training programs, stating they are sufficient to mitigate future risks. (cyberpress.org)
Impact on Patients and Community
During the outage, patients experienced significant disruptions, including canceled procedures, communication challenges, and delays in accessing medical records. Kettering Health advised patients to remain vigilant against scam communications, such as fraudulent calls demanding credit card payments for medical expenses, and to report suspicious incidents to local authorities. The organization emphasized that it would never reach out to staff or patients via social media platforms. (cyberpress.org)
The incident highlighted the growing cybersecurity threats facing healthcare organizations and the critical importance of robust incident response procedures in maintaining patient care continuity during system disruptions. (cyberpress.org)
References
The rapid restoration of the Epic EHR system is impressive. What strategies proved most effective in re-establishing access to electronic health records and care team communication so quickly, and how can other healthcare networks learn from this?