Ransom demanded, emergency care diverted as Kettering Health reels from cyberattack
Kettering Health, a large Christian-based nonprofit healthcare system in Ohio, alerted the public on Tuesday to cyberattack that effectively shut its IT systems down, causing outpatient care to be delayed. At the time, patients also reported receiving spam phone calls from imposters claiming to be representatives of the hospital and seeking payments for medical debts.
On Thursday evening, Kettering released an update, revealing that it’s still working to get its network back online. It also addressed concerns that hackers gained access to personal data, especially given the spam calls. It did not address whether data in its EHR had been exposed; however, the health system said it believes its patient portal is secure.
“We have no evidence that personal cellphone apps like MyChart or the information in them have been compromised,” the post on its website reads, adding that Kettering Health “will never reach out to staff or patients via social media.”
It did not say if patients had been receiving scam messages through the portal or on social media, in addition to the phone calls. Kettering maintains that the scam calls may not be related to its IT outage.
HealthExec reached out for more details, asking about patient data being exposed to hackers and whether Kettering can confirm the nature of the cyberattack. However, we did not receive a reply.
As of publication time on Thursday, its phone systems and the MyChart mobile app remain down.
Ransom demanded
CNN reported—based on a notice it obtained—that the data breach involved the deployment of ransomware. The notice was apparently written by the hackers and sent to staff at Kettering.
“Your network was compromised, and we have secured your most vital files,” CNN quotes the ransom message as saying. The outlet added that the cybercriminals threatened to leak stolen data, unless the health network begins negotiating to pay a fee.
No specifics on monetary demands were revealed in the media report. The health system has not confirmed it was extorted or that any ransom was paid.
The ransom group responsible has identified itself as Interlock, according to the statement reviewed by CNN. Interlock is a well-known cybercrime cell that frequently targets larger organizations in both the public and private sectors.
In its updated statements online, Kettering said it’s working to reschedule outpatient care, prioritizing the operations of its emergency services. However, local media at WHIOTV7 reported fire departments and ambulances have had to divert emergency calls to other facilities as Kettering is strained by the technology outage.
This is a developing story. Ongoing updates from Kettering can be viewed on their website by clicking here.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.