Interlock Ransomware Group Claims Responsibility for Kettering Health Attack
The ransomware group Interlock has officially claimed responsibility for the recent cyberattack on Kettering Health, a network of hospitals, clinics, and medical centers in Ohio. The attack, which occurred two weeks ago, forced Kettering Health to shut down its computer systems and is still impacting operations.
Interlock, known for targeting US healthcare organizations since September 2024, announced on its dark web site that it stole over 940 gigabytes of data from Kettering Health. This claim confirms earlier reports linking Interlock to the breach, though the group had not publicly taken credit until now. This public announcement suggests potential difficulties in ransom negotiations.
Kettering Health previously stated it had not paid a ransom. A spokesperson for Kettering Health declined to comment on Interlock's claim. Interlock also did not respond to requests for comment.
Stolen Data Includes Sensitive Patient and Employee Information
A preliminary review of the leaked data reveals a wide range of sensitive information, including patient names, patient numbers, and clinical summaries containing details on mental status, medications, and health concerns. Employee data and the contents of shared drives were also compromised. One folder contains background files, polygraphs, and other private information belonging to officers of the Kettering Health Police Department.
Kettering Health recently announced a significant step towards recovery, restoring core components of its electronic health record system. This restoration allows for updating and accessing patient records, improving communication across care teams, and coordinating patient care.
While Kettering Health continues its recovery efforts, the Interlock attack underscores the growing threat of ransomware to the healthcare sector and the importance of robust cybersecurity measures.
