Kettering Health confirms the Interlock ransomware attack

June 13, 2025

Kettering Health, a prominent healthcare provider with 14 medical centres across Ohio, has officially attributed the cyberattack that breached its network in May, and which involved data theft, to the Interlock ransomware group.

The organisation, which oversees over 120 outpatient facilities and employs over 15,000 staff, including upwards of 1,800 physicians, provided an update on Thursday confirming that its IT systems are now secured.

The firm’s security teams also restored communication lines with patients affected by the ransomware-related outage.

The firm stated that all malicious tools and persistence mechanisms deployed by the external group have been removed, and the affected infrastructure has been secured.

The organisation has also put additional security measures in place, including network segmentation, enhanced monitoring, and updated access controls.

Kettering Health had previously disclosed the incident without confirming the attackers’ identity.

Initially, Kettering Health revealed the cyberattack on May 20, clarifying that the data breach had hindered medical professionals’ ability to use electronic charting systems, forcing a temporary return to manual documentation methods.

The disruption also impacted certain patient care systems and their call centre, leading to the cancellation of elective procedures. Despite these setbacks, emergency departments and outpatient clinics remained operational.

Earlier this month, the health network announced that access to its electronic health record (EHR) platform had been reinstated, and efforts are being made to reactivate the MyChart portal for patients and call centre services.

Meanwhile, the Interlock ransomware group publicly claimed responsibility for the breach last week and shared samples of the data it reportedly stole. According to the hackers, they exfiltrated 941 GB of data, including over 20,000 folders comprising 732,489 documents filled with highly sensitive information.

The stolen data allegedly contains patient records, documents from pharmacies and blood banks, banking and payroll data, internal police personnel records, scanned identification materials, and passports.

Interlock is a relatively new ransomware group that emerged in September and has been connected to numerous cyberattacks worldwide, particularly against healthcare organisations. The group is also known for ClickFix-related attacks, in which the attackers impersonate IT support tools to gain unauthorised access to victim networks.
