A ransomware group called Interlock has claimed responsibility for a major cyberattack on Kettering Health, a network of hospitals and clinics in Ohio.
The healthcare system is still trying to recover, two weeks after the attack forced it to shut down all its computer systems.
Interlock is a relatively new ransomware group that has been targeting U.S. healthcare organizations since September 2024. On its dark website, the group claimed to have stolen more than 940 gigabytes of data from Kettering Health, including sensitive patient and employee information.
CNN had first reported on May 20 that Interlock was likely behind the attack, but at the time, the group had not taken public responsibility. Cybercriminals often stay quiet while trying to negotiate a ransom, and the recent post could mean that negotiations with Kettering Health failed.
So far, Kettering Health has not paid any ransom. John Weimer, the company’s senior vice president of emergency operations, previously told local media that no payment had been made to the hackers. When contacted by TechCrunch, the company declined to comment on the latest development.
A review of the leaked files shows that Interlock may have accessed a wide range of data, including patients’ names, medical summaries, mental health notes, medications, and other sensitive health records. Employee data and shared files were also reportedly stolen. One folder even contains documents related to police officers from the Kettering Health Police Department, such as background checks and polygraph results.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
On Monday, Kettering Health provided an update, stating that it had restored important parts of its electronic health record system powered by Epic. The company called this a major step in returning to normal operations, as it allows healthcare teams to access and update patient records, communicate better, and coordinate care more efficiently.
