Kettering Health Suffers System-Wide Outage Due to Cyberattack

Why this matters: This attack highlights the growing threat of cyberattacks on healthcare providers, which can severely disrupt patient care, compromise sensitive data, and cost significant resources to remediate.

Kettering Health, serving a large portion of Ohio with over 1,800 doctors across 14 medical centers, was hit by a ransomware attack on Tuesday morning, May 20, 2025. The attack has created numerous challenges, including the cancellation of elective procedures and disruption of the call center. The hospital network has implemented backup procedures to maintain patient safety and quality of care.

The ransomware, identified as Interlock, has compromised Kettering’s computer network, threatening to leak stolen data online unless a ransom is negotiated. This group has previously targeted tech, manufacturing, and government organizations. Federal agencies such as the FBI, HHS, and CISA are typically involved in responding to such attacks.

This incident follows a series of cyberattacks on major health providers in recent years, including Ascension and UnitedHealth Group, impacting patient care and exposing personal data. The health sector reported over 440 ransomware attacks and data breaches to the FBI last year, underscoring the urgent need for improved cybersecurity defenses. The Greater Dayton Area Hospital Association acknowledged the incident, emphasizing the importance of collaboration and preparedness in healthcare.

The cyberattack has caused a system-wide technology outage, leading to canceled elective procedures, disrupted phone lines, and limited access to the MyChart patient portal.

Yes, emergency rooms and clinics are open and continuing to see patients, although ambulance diversions are in place.

The ransomware note leads to an extortion site associated with the Interlock ransomware gang.

The FBI, the Department of Health and Human Services, and the US Cybersecurity and Infrastructure Security Agency are typically involved in responding to major cyberattacks on American health care providers.

Healthcare organizations possess information of high monetary and intelligence value to cyber thieves, and stolen health records can sell for much more than stolen credit card numbers on the dark web.

How to Prepare:

Who This Affects Most:

Do you think healthcare organizations are doing enough to protect themselves from cyberattacks? What more can be done? Share this article with others who need to stay ahead of this trend!