Kettering Health, a prominent healthcare network operating numerous medical and emergency centers across Ohio, continues to grapple with the aftermath of a significant ransomware attack that occurred two weeks ago. The cyber assault led to a comprehensive technology outage, severely impacting the organization’s operations and patient services.
Incident Overview
The ransomware attack, identified as originating from the Interlock group, resulted in the encryption of critical systems within Kettering Health’s infrastructure. The attackers left a ransom note stating, Your network was compromised, and we have secured your most vital files, indicating their control over essential data and systems. Despite the severity of the situation, Kettering Health’s senior vice president of emergency operations, John Weimer, confirmed that the organization has not paid any ransom. In response to the attack, the IT infrastructure was promptly shut down to prevent further infiltration.
Operational Impact
The cyberattack has had a profound effect on Kettering Health’s daily operations. Patients have reported significant disruptions, including difficulties in contacting doctors’ offices, challenges in obtaining medication refills, and the closure of certain emergency rooms. The reliance on manual processes, such as pen and paper documentation, has further complicated service delivery. Local community forums have been inundated with accounts of canceled medical procedures, including MRIs, cancer follow-ups, pre-surgical tests, and chemotherapy sessions. Additionally, emergency medical services have been rerouting ambulances to avoid delays associated with manual charting and labeling processes.
Recovery Efforts
In an effort to restore normalcy, Kettering Health announced the successful restoration of core components of its electronic health record (EHR) system provided by Epic. This restoration is a critical step toward re-establishing the organization’s ability to update and access electronic health records, facilitate communication across care teams, and coordinate patient care effectively. However, the full recovery process is ongoing, and certain services remain affected as the organization works diligently to bring all systems back online.
Broader Context
The attack on Kettering Health is part of a troubling trend of ransomware incidents targeting healthcare institutions. In March 2025, the Community Health Center in Connecticut disclosed a data breach affecting over one million individuals, exposing sensitive personal and health information. Similarly, in April 2025, DaVita Inc., a major healthcare provider in the United States, was targeted by the Interlock ransomware group, resulting in the theft of 1.5 terabytes of data. These incidents underscore the escalating cyber threats facing the healthcare sector and the critical need for robust cybersecurity measures.
Implications and Recommendations
The persistent disruptions at Kettering Health highlight the severe consequences of ransomware attacks on healthcare services. Such incidents not only compromise patient care but also erode trust in healthcare institutions. To mitigate these risks, healthcare organizations must prioritize the implementation of comprehensive cybersecurity strategies, including regular system updates, employee training on phishing and other cyber threats, and the development of incident response plans. Collaboration with cybersecurity experts and adherence to industry best practices are essential to fortify defenses against future attacks.
Conclusion
As Kettering Health continues its recovery journey, the incident serves as a stark reminder of the vulnerabilities within the healthcare sector to cyber threats. The organization’s experience underscores the importance of proactive cybersecurity measures and the need for continuous vigilance to protect sensitive patient data and ensure the uninterrupted delivery of healthcare services.
