Interlock ransomware attack caused outages to Kettering Health

May 27, 2025

Kettering Health, a nonprofit healthcare network in Ohio, suffered a major system-wide technology outage following an alleged cyberattack. Reports revealed that the company was forced to cancel inpatient and outpatient procedures.

According to a statement on its official site, Kettering Health confirmed that a cybersecurity incident had disrupted patient care systems and the organisation’s call centre. Elective procedures scheduled for Tuesday, May 20, were cancelled and will be rescheduled.

Emergency rooms and clinics, however, remained open and continued to serve patients.

In the wake of the incident, Kettering Health also acknowledged reports of scam phone calls in which individuals impersonated its employees and requested credit card payments for medical services.

Although no direct evidence links these fraudulent calls to the cyberattack, the organisation advised patients to report such activity to law enforcement. As a precaution, the healthcare provider temporarily stopped outbound billing-related phone calls.

The attack on Kettering Health is linked to the notorious Interlock ransomware group.

While Kettering Health has not disclosed whether patient data was stolen, the attack has shown characteristics consistent with ransomware.

Moreover, a researcher reported that the attack appears to be the work of a threat actor known as Nefarious Mantis, which is associated with the Interlock ransomware cluster.

This group has previously targeted healthcare and biotechnology sectors in the U.S., often deploying remote access tools like the Interlock RAT to conduct internal reconnaissance and maintain persistent access within compromised networks.

These intrusions have frequently led to ransomware deployment, causing widespread disruption and potential data loss.

Furthermore, a major news outlet reported that the Interlock group is likely behind the Kettering Health breach. According to the outlet, the attackers left a ransom note on encrypted systems, claiming to have accessed and secured vital files from the organisation’s network.

The group reportedly threatened to leak the stolen information unless a ransom was paid.

As of now, the Interlock ransomware gang has yet to publicly claim the breach on its dark web leak site, and no other ransomware group has stepped forward to take credit.
