Ransomware cyber

Kettering Health

Jun 6, 2025 1 min read
Kettering Health

Kettering Health experienced a ransomware attack in May that led to the cancellation of chemotherapy sessions and pre-surgery appointments. The cybercriminal group Interlock claimed to have leaked 941 GB of data, including ID cards, payment data, and financial reports, affecting both patients and staff. The attack caused a system-wide technology outage, limiting access to patient care systems and resulting in the diversion of ambulances and the use of paper charting for patient care.

Source: https://www.theregister.com/2025/06/04/ransomware_scum_leak_kettering_patient_data/

TPRM report: https://scoringcyber.rankiteo.com/company/kettering-health-network

"id": "ket422060625",
"linkid": "kettering-health-network",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Western Ohio',
                        'name': 'Kettering Health',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Unauthorized Access',
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 732490,
                 'type_of_data_compromised': ['ID cards',
                                              'payment data',
                                              'purchasing and financial '
                                              'reports',
                                              'patient and staff details']},
 'date_detected': '2023-05-20',
 'date_publicly_disclosed': '2023-05-20',
 'description': 'Kettering Health suffered a ransomware attack in May, leading '
                'to the cancellation of chemotherapy sessions and pre-surgery '
                'appointments. The Interlock ransomware gang later dumped 941 '
                'GB of data online, potentially including personal information '
                'of patients and staff.',
 'impact': {'data_compromised': ['ID cards',
                                 'payment data',
                                 'purchasing and financial reports',
                                 'patient and staff details'],
            'operational_impact': ['Cancellation of elective inpatient and '
                                   'outpatient procedures',
                                   'Use of paper charting for patient care',
                                   'Diversion of ambulances to other '
                                   'hospitals'],
            'systems_affected': ['Epic electronic health record (EHR) system',
                                 'in- and outbound calling',
                                 'MyChart for patients']},
 'motivation': 'Extortion',
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Interlock'},
 'references': [{'source': 'The Register'}],
 'response': {'recovery_measures': ['Restoration of core components of Epic '
                                    'EHR system']},
 'threat_actor': 'Interlock Ransomware Gang',
 'title': 'Kettering Health Ransomware Attack',
 'type': 'Ransomware Attack'}
Published by
Jeremy C
Jeremy C
You might also like
Ransomware cyber

Cartier

public 1 min read
Cartier experienced a significant ransomware attack that compromised customer data. The attack resulted in extensive financial and reputational damage. The…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.