Kettering Health has fallen victim to a cyberattack which resulted in system-wide technology failures and cancellations of patient procedures. This is the latest attack on vulnerable healthcare institutions in the U.S.
“While we recognize this process has not been seamless, we ask for everyone’s patience while we continue to work through this issue,” the company indicates in a statement.
The Interlock Ransomware group is suspected to be the culprit of the attack, as they are threatening to leak the information stolen if a ransom is not paid. The group is known for targeting US healthcare organizations and deploying ransomware after gathering intelligence inside the networks.
Looking into this matter for Digital Journal is Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka,.
Sood begins by setting out the background to the incident: “Kettering Health was the victim of a cyberattack, which forced the healthcare network to cancel inpatient and outpatient procedures due to system-wide technology outages. The Interlock ransomware group is likely the culprit of the attack, and they are threatening to release the stolen information if a ransom is not negotiated.”
Sood adds that: “While the organization has yet to confirm specific details of the attacks, including whether or not any patient data was stolen, it has confirmed that scammers impersonating Kettering Health employees have called patients and requested credit card information for medical payments.”
There are some important issues to be drawn from the incident that impact on healthcare and other sectors. Stood addresses these: “The broader implications of ransomware attacks on critical healthcare organizations like Kettering Health extend far beyond IT disruptions—they pose serious risks to patient safety, public health, and national resilience.“
For healthcare specifically, Sood notes: “When clinical systems are locked or data is compromised, essential treatments can be delayed, diagnostics interrupted, and emergency responses hindered. The potential loss of life in such situations underscores the urgency of the situation. These incidents also often expose sensitive patient information, triggering regulatory scrutiny and eroding public trust.”
There are other factors to be drawn out: “Moreover, they highlight systemic vulnerabilities across the healthcare ecosystem, including outdated infrastructure, insufficient cyber hygiene, and under-resourced security teams, making the sector a persistent and appealing target for sophisticated threat actors.”
In terms of the wider preventative measures needed, Stood advises: “To defend against ransomware attacks, healthcare entities must adopt a proactive security posture. This includes implementing Zero Trust (ZT) architecture, segmenting networks, and patching vulnerabilities promptly.”
Sood additionally recommends: “Maintaining regular offline backups is one of the most crucial steps in data protection to combat the severe impacts of ransomware attacks. Prioritizing encryption, having a clear incident response, and fostering a privacy-focused culture are non-negotiable for protecting patient health information. By self-regulating and always considering the potential downstream effects of data sharing, organizations can prioritize their own privacy and ensure that critical patient procedures are not impacted by cyberattacks.”
