Kettering Health Targeted by Interlock Ransomware Group


Interlock, a rising ransomware group, has claimed responsibility for a cyberattack on Kettering Health, a major healthcare provider in Ohio. The incident, which occurred on May 20, disrupted patient services and forced hospital teams to revert to manual processes.

Kettering Health employs more than 15,000 professionals and operates 14 hospitals and over 120 outpatient facilities. The organization confirmed the breach after a network disruption impacted digital charting, communications, and patient scheduling. As a result, elective procedures were canceled, though emergency and clinic operations continued.

In a recent update, Kettering Health announced that access to electronic health records (EHR) had been restored. However, the MyChart system and several call centers remain offline. To address urgent clinical needs, a temporary helpline staffed by nurses has been established.

Interlock Releases Stolen Kettering Data

Following the breach, Interlock published samples of stolen data, confirming suspicions of its involvement. The group claims to have exfiltrated 941 GB of sensitive data, including over 700,000 documents. Leaked files allegedly contain:

  • Patient medical records and identity scans
  • Payroll and bank reports
  • Blood bank and pharmacy files
  • Internal police department data from the healthcare network

This breach follows Interlock’s recent attacks on other high-profile healthcare providers, including DaVita, from which 1.5 TB of data was reportedly stolen.

Emerging Threat with Healthcare Focus

Active since September 2024, Interlock has quickly established itself as a major threat actor. The group often gains access through ClickFix-style lures that mimic IT tools. It has also deployed a custom remote access trojan called NodeSnake, used earlier this year in campaigns targeting U.K. universities.

Kettering Health has not yet publicly confirmed Interlock’s involvement. A spokesperson declined to provide further details about the investigation or response.

Eye World’s Perspective

This incident underscores the growing threat to healthcare infrastructure from ransomware groups like Interlock. At Eye World, we emphasize the importance of proactive defense, employee awareness, and zero-trust security frameworks. Organizations handling sensitive data must prioritize resilience and threat detection in today’s evolving cyber landscape.
