Kettering Health, a major Ohio-based healthcare network with multiple medical and emergency centers, suffered a severe ransomware attack leading to a system-wide technology outage lasting over two weeks. The attack disrupted electronic health records (Epic system), forcing staff to revert to manual (pen-and-paper) operations. Critical services were severely impacted: emergency rooms closed, medication refills delayed (risking patient seizures), ambulances diverted due to prolonged wait times, and life-saving procedures canceled—including MRIs, cancer follow-ups, open-heart surgery prep, and chemotherapy. Phone lines and digital communications failed, leaving patients unable to contact doctors. While Kettering restored *core* EHR functions, the Interlock ransomware gang claimed responsibility, stating they had compromised and secured vital files. The attack mirrors a broader 2024 trend of devastating healthcare breaches, though Kettering has not confirmed data exfiltration or the scope of stolen records. The operational chaos threatened patient safety, with some facing potentially fatal delays in critical treatments.
TPRM report: https://www.rankiteo.com/company/ketteringhealth
"id": "ket1270312100325",
"linkid": "ketteringhealth",
"type": "Ransomware",
"date": "6/2024",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Ohio, USA',
                        'name': 'Kettering Health',
                        'size': 'Dozens of medical and emergency centers',
                        'type': 'Healthcare Network'}],
 'customer_advisories': ['Public acknowledgment of system outage and gradual '
                         'recovery',
                         'No specific guidance on data breach risks or '
                         'protective measures'],
 'data_breach': {'data_encryption': 'Yes (ransomware encrypted systems)',
                 'data_exfiltration': 'Unconfirmed (hackers claimed to secure '
                                      "'most vital files,' but Kettering "
                                      'Health did not disclose details)'},
 'date_publicly_disclosed': '2025-01-27T00:00:00Z',
 'description': 'Kettering Health, a network of medical and emergency centers '
                'in Ohio, experienced a ransomware attack causing a '
                'system-wide technology outage. The attack disrupted '
                'electronic health records (EHR), communication, patient care '
                'coordination, medication refills, and emergency services. The '
                'healthcare provider is gradually restoring services, with '
                'core components of its Epic EHR system recovered two weeks '
                'post-attack. Patients reported canceled appointments, closed '
                'emergency rooms, and reliance on manual (pen-and-paper) '
                'processes. The attack was attributed to the ransomware gang '
                "'Interlock,' though no ransom was paid. The full scope of "
                'data exfiltration remains undisclosed.',
 'impact': {'brand_reputation_impact': 'High (public advisories to avoid '
                                       'facilities, negative local subreddit '
                                       'discussions, media coverage of '
                                       'operational failures)',
            'customer_complaints': ["Inability to contact doctors' offices",
                                    'Medication refill delays (risking '
                                    'withdrawal seizures)',
                                    'Canceled critical appointments',
                                    'Long wait times in emergency rooms',
                                    'Recommendations to avoid Kettering Health '
                                    'services'],
            'downtime': '2+ weeks (ongoing recovery as of last update)',
            'operational_impact': ['Manual (pen-and-paper) processes for '
                                   'patient records',
                                   'Canceled medical procedures (MRIs, '
                                   'chemotherapy, open-heart surgery prep, '
                                   'cancer follow-ups)',
                                   'Closed or limited emergency room services',
                                   'Delayed medication refills',
                                   'Ambulance diversions due to prolonged '
                                   'patient processing times',
                                   'Spotty phone service'],
            'systems_affected': ['Electronic Health Record (EHR) system (Epic)',
                                 'Communication systems',
                                 'Phone lines',
                                 'Patient care coordination tools',
                                 'Emergency room operations',
                                 'Appointment scheduling systems']},
 'investigation_status': 'Ongoing (as of last update; data exfiltration scope '
                         'undisclosed)',
 'motivation': 'Financial (ransom demand)',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Claimed by attackers, unconfirmed by '
                                     'Kettering Health',
                'ransom_demanded': 'Yes (amount undisclosed)',
                'ransom_paid': 'No'},
 'references': [{'source': 'TechCrunch'},
                {'source': 'CNN'},
                {'source': 'WLWT Cincinnati (local TV station)'},
                {'source': 'Dayton, Ohio Subreddit'}],
 'response': {'communication_strategy': ['Public updates via media statements',
                                         'No direct response to detailed '
                                         'inquiries (e.g., data exfiltration '
                                         'status)'],
              'containment_measures': ['Shutdown of IT infrastructure to '
                                       'isolate systems'],
              'incident_response_plan_activated': 'Yes (IT infrastructure '
                                                  'shutdown immediately after '
                                                  'detection)',
              'recovery_measures': ['Manual processes for patient care during '
                                    'outage',
                                    'Prioritization of critical services '
                                    '(e.g., emergency care)'],
              'remediation_measures': ['Restoration of core Epic EHR '
                                       'components',
                                       'Gradual re-establishment of electronic '
                                       'health record access']},
 'threat_actor': 'Interlock (ransomware gang)',
 'title': 'Ransomware Attack on Kettering Health Disrupts Operations for Two '
          'Weeks',
 'type': 'Ransomware Attack'}