Kettering Health Ransomware Attack: Ongoing Disruptions

Kettering Health System Recovery Efforts Continue After Cyberattack

Two weeks following a significant ransomware attack, Kettering Health, a large network encompassing numerous medical and emergency facilities throughout Ohio, is actively engaged in restoration and a return to standard operational procedures. The incident initially caused “a system-wide technology outage.”

Restoration of Core Systems

In a recent update issued on Monday, Kettering Health announced the successful restoration of “core components” within its electronic health record (EHR) system, provided by Epic. This achievement has re-enabled the organization’s capacity to update and access patient records.

Furthermore, the restoration facilitates improved communication between care teams and enhances overall patient care coordination.

Patient Experiences and Reported Disruptions

A frequent Kettering Health patient reported to TechCrunch that numerous difficulties are being experienced. These include an inability to contact doctors’ offices, challenges in obtaining prescription refills, and temporary closures of certain emergency departments.

Currently, many processes are being conducted manually, relying on traditional pen-and-paper methods.

Community Reports and Concerns

Similar issues are being discussed on local online forums. A post on the Dayton, Ohio, subreddit detailed a patient’s struggle to refill a crucial medication, risking a “withdrawal seizure” due to unavailable phone lines for contacting their physician.

Another user reported ongoing reliance on paper-based systems, coupled with unreliable phone service over the weekend.

“Avoiding Kettering Health is advisable at this time, if feasible,” one individual suggested.

Concerns were also raised regarding ambulance diversion, with reports indicating extended wait times for patient transfer due to the shift to paper charting and labeling.

Impact on Scheduled Procedures

Patients have reported cancellations of important medical appointments, including MRI scans, cancer follow-up visits, pre-operative testing for open-heart surgery, and chemotherapy sessions.

Incident Confirmation and Ransomware Details

John Weimer, Kettering Health’s senior vice president of emergency operations, confirmed to a local television station that the incident was identified as a ransomware attack. He also stated that no ransom payment was made.

“Upon recognizing the threat, we immediately isolated our IT infrastructure, effectively disconnecting from external networks,” Weimer explained to WLWT Cincinnati.

Data Breach Concerns and Hacker Group

Kettering Health’s spokesperson has not yet responded to inquiries from TechCrunch regarding potential data exfiltration by the attackers and the specific types of data compromised.

According to CNN, the hackers’ ransom note stated, “Your network was compromised, and we have secured your most vital files.” The attack is attributed to a group known as Interlock.

The Interlock ransomware gang has not publicly claimed responsibility, potentially indicating ongoing ransom negotiations.

Recent Trends in Healthcare Cyberattacks

Kettering Health is the latest healthcare organization to be targeted by cybercriminals. The 2024 attack on Change Healthcare, a subsidiary of UnitedHealth, resulted in the most significant healthcare data breach in U.S. history.

Change Healthcare confirmed in January 2025 that approximately 190 million individuals were affected by the breach.

In 2024, Ascension, a major U.S. healthcare provider, disclosed that hackers had stolen 5.6 million patient records during a ransomware attack.

Healthcare news source The HIPAA Journal characterized 2024 as “an annus horribilis for healthcare data breaches,” citing a record number of compromised patient records.