Kettering Health patients who had chemotherapy sessions and pre-surgery appointments canceled due to a ransomware attack in May now have to deal with the painful prospect that their personal info may have been leaked online.

Earlier today, [1]ransomware gang Interlock [2]dumped 941 GB of data purportedly belonging to the healthcare provider.

The stolen information appears to include ID cards, payment data, purchasing and financial reports, among a ton of other patient and staff details, and encompasses 732,490 files across 20,418 folders, according to the leak site.

[3]

The Register has not verified the data, and Kettering Health is not yet to confirm Interlock's claims. It's not known whether actual patient health data is among the purported leak. We will update this story when we hear back from the Ohio-based healthcare network.

[4]

[5]

Kettering Health [6]operates 14 medical centers and more than 120 outpatient facilities across western Ohio, with over 1,800 physicians and providers in its network.

On May 20, the healthcare company [7]disclosed a "system-wide technology outage" that "limited our ability to access certain patient care systems across the organization."

[8]

While emergency rooms and clinics remained open, there were reports of ambulances being [9]diverted to other hospitals and staff using [10]paper charting for patient care. Kettering also canceled elective inpatient and outpatient procedures, which reportedly included [11]cancer follow-up appointments and [12]MRIs .

Kettering officials later that day confirmed a "cybersecurity incident resulting from unauthorized access to our network" had caused the IT system shutdown. A subsequent report from CNN, citing a [13]ransom note reviewed at the scene , blamed Interlock ransomware for the intrusion, and said the note threatened to leak data unless the health network agreed to pay an extortion fee.

[14]Scottish council admits ransomware crooks stole school data

[15]Healthcare group Ascension discloses second cyberattack on patients' data

[16]SSNs and more on 5.5M+ patients feared stolen from Yale Health

[17]Ransomware scum have put a target on the no man's land between IT and operations

According to the healthcare org's most recent update about the tech outage, the company had restored core components of its Epic electronic health record (EHR) system on June 2.

"This launch reestablishes Kettering Health's ability to update and access electronic health records, facilitate communication across care teams, and coordinate patient care with greater speed and clarity," the notice said.

"Progress continues in bringing back online in- and outbound calling to Kettering Health facilities and practices, as well as MyChart for patients," it added.

[18]

So far this year alone, [19]26 ransomware attacks on US healthcare companies have been confirmed, and another 92 remain unconfirmed, according to Comparitech's research.

The research organization also tracked [20]17 confirmed attacks of Interlock ransomware since October 2024, and another 22 that were claimed by the criminals but not acknowledged by the purported victims.

Interlock was allegedly behind the April ransomware infection of [21]kidney dialysis firm DaVita , which also disrupted patient care and exposed 1.5TB of data. ®

Get our [22]Tech Resources



[1] https://www.theregister.com/2025/05/22/west_lothian_school_ransomware/

[2] https://bsky.app/profile/ecrime.ch/post/3lqrku4uuko2r

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aEDB6VOHEtX_xYHVt_agHwAAAJQ&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aEDB6VOHEtX_xYHVt_agHwAAAJQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aEDB6VOHEtX_xYHVt_agHwAAAJQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[6] https://ketteringhealth.org/

[7] https://ketteringhealth.org/kettering-health-earns-a-hospital-safety-grades-from-the-leapfrog-group/

[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aEDB6VOHEtX_xYHVt_agHwAAAJQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[9] https://www.reddit.com/r/dayton/comments/1kr68oc/comment/mtbe137/

[10] https://www.reddit.com/r/dayton/comments/1kr68oc/comment/mtd0f9s/?context=3

[11] https://www.reddit.com/r/dayton/comments/1kzakwk/comment/mv4fsbk/

[12] https://www.reddit.com/r/dayton/comments/1kzakwk/comment/mv49abq/

[13] https://www.cnn.com/2025/05/20/politics/ransomware-attack-medical-centers

[14] https://www.theregister.com/2025/05/22/west_lothian_school_ransomware/

[15] https://www.theregister.com/2025/05/01/ascension_cyberattack/

[16] https://www.theregister.com/2025/04/24/yale_new_haven_health_breach/

[17] https://www.theregister.com/2025/05/14/ransomware_targets_middle_systems_sans/

[18] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aEDB6VOHEtX_xYHVt_agHwAAAJQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[19] https://www.comparitech.com/ransomware-attack-map/

[20] https://www.comparitech.com/blog/information-security/global-ransomware-attacks/

[21] https://www.comparitech.com/news/ransomware-gang-interlock-claims-attack-on-kidney-dialysis-company-davita-1-5-tb-of-data-stolen/

[22] https://whitepapers.theregister.com/