Kettering hospitals scramble after ransomware attack, thousands patient procedures canceled

A ransomware attack on Kettering Health, a major Ohio healthcare network, has severely disrupted operations across more than 120 facilities, including nine hospitals. Thousands of patient procedures—some critical or life-threatening—have been canceled due to a system-wide technology outage caused by unauthorized access to its network.

Key Points:

  • Scope of Outage: Elective procedures were paused, phones and call centers were down, and medical staff reverted to paper records. This left many patients without communication about appointments, surgeries, or prescriptions.

  • Impact on Patients: Patients have expressed frustration online, reporting missed treatments, lack of updates, and fears about safety and inadequate planning.

  • Official Response: Kettering stated it is working to mitigate the incident, evaluate procedures case by case, and contact patients directly. However, responses to public concerns have been slow or absent.

  • Security Insights: Experts, like Swimlane’s Joshua Roback, say the breach highlights the fragility of healthcare infrastructure, noting that cyberattacks directly threaten patient safety, not just data.

  • Scam Risks: In the aftermath, scammers have impersonated Kettering staff to steal patient info. Kettering has suspended all payment calls and warned patients to be cautious.

  • Ransomware Group Involved: The Interlock ransomware gang is believed to be behind the attack. They left a ransom note and threatened to leak stolen data unless paid. So far, Kettering is not listed on Interlock’s leak site, suggesting potential negotiations are ongoing.

  • Data Privacy: Kettering claims there’s no evidence MyChart or personal apps were compromised, but double extortion—a tactic used by Interlock—remains a serious threat.

Experts warn that such attacks are becoming more frequent and that cybersecurity must become integral to patient care systems, not treated as a side issue.