Kettering Health Cyberattack Causes System-wide Outage

Kettering Health, a faith-based health system in Ohio, has experienced a cyberattack that has caused a system-wide outage that is disrupting patient services. Kettering Health has more than 1,800 physicians, 15,000 employees, and operates 14 medical centers and more than 120 outpatient facilities in western Ohio.

On Tuesday morning, Kettering Health suffered a network-wide outage that prevented access to key patient care systems. IT systems have remained offline for a second day, its phone lines have been disrupted, and its patient portal is offline. All Kettering Health facilities are open, care continues to be provided, and its emergency rooms are accepting patients; however, the decision was taken to cancel elective inpatient and outpatient procedures. Those procedures will be rescheduled when its IT systems have been restored. Patient procedures are being reviewed on a case-by-case basis, with patient safety the top priority.

“We have procedures and plans in place for these types of situations and will continue to provide safe, high-quality care for patients currently in our facilities,” explained Kettering Health in its website notice. IT teams are working around the clock to restore systems, although a timeline for the recovery could not be provided.

Kettering Health has confirmed the outage was caused by a cyberattack and an investigation is underway to determine the nature and scope of the unauthorized activity and whether patient data has been compromised. While the investigation is in the early stages, Kettering Health said no evidence has been found to indicate personal cell phone apps such as MyChart have been compromised.

Cyberattacks that cause system-wide outages typically involve ransomware, and while Kettering Health has not confirmed that ransomware was used, a ransomware group known to target healthcare providers has claimed responsibility for the attack.

There have been multiple media reports that the Interlock ransomware group is behind the attack, with CNN claiming to have viewed the ransom note. Interlock was behind the recent ransomware attack on the Kidney dialysis service provider DaVita and last year’s attack on Texas Tech University Health Sciences Center, along with more than a dozen other attacks on healthcare organizations.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Download Free Checklist

Like most ransomware groups, Interlock steals data before encrypting files and demands a ransom payment to prevent the publication of the stolen files and to obtain the decryption keys. According to CNN, the ransom note states that Kettering Health has 72 hours to pay the ransom, or the stolen data will be destroyed or published. Interlock claims on its data leak site that it is selling 20+ TB of data stolen from Davita; however, at the time of publication, Kettering Health is not listed on the group’s website. That is not unusual given the 72-hour window reportedly provided to Kettering Health to make contact and negotiate payment.

In the early evening on the day of the attack, Kettering Health issued a warning to patients about the risk of scam calls. “We have confirmed reports that scam calls have occurred from persons claiming to be Kettering Health team members requesting credit card payments for medical expenses,” explained Kettering Health. “While it is customary for Kettering Health to contact patients by phone to discuss payment options for medical bills, out of an abundance of caution, we will not be making calls to ask for or receive payment over the phone until further notice.” It is unclear if the scam calls are linked to the cyberattack.

About Liam Johnson

Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/