A ransomware group known as Interlock has publicly claimed responsibility for a recent cyberattack targeting Kettering Health, a prominent healthcare network that operates multiple hospitals, clinics, and medical facilities across Ohio. Nearly two weeks after the security breach initially forced Kettering Health to shut down all computer systems, the healthcare provider continues to grapple with the repercussions.
Interlock, considered a newer actor among ransomware gangs, has been actively targeting healthcare organizations within the United States since September 2024. On a dark web posting, the group boasted of seizing more than 940 gigabytes of data in the Kettering breach, offering selected materials online as proof of their exploit. Prior reports had indicated suspicion around Interlock’s involvement, but until recently, the group had refrained from openly acknowledging accountability. Cybersecurity analysts say that such delayed statements often indicate stalled ransom negotiations.
Earlier, Kettering Health’s Senior Vice President of Emergency Operations, John Weimer, publicly announced that the healthcare company would not pay ransom demands. The organization’s spokesperson, reached for additional details, declined to provide further comment regarding the incident.
Meanwhile, Interlock has also not replied to media inquiries sent via channels listed on their dark web communications portal.
An initial review of the data samples released by Interlock suggests the attackers accessed extensive personal and sensitive information. Among the compromised records are confidential patient details including individuals’ names, patient numbers, and doctors’ clinical summaries, covering subjects like medication regimens, mental health evaluations, and record of health concerns. Additionally, files containing employee records and internal shared drive contents appear among the leaked files.
One of the more troubling disclosures reveals personal documentation—such as background checks, polygraph test results, and other identifying details—pertaining to officers employed with the Kettering Health Police Department.
In its most recent status update, Kettering Health confirmed significant progress in restoring critical segments of its electronic health record (EHR) system, managed by Epic, a leading healthcare software provider. Kettering’s statement described this milestone as a vital turning point toward normal operations, facilitating enhanced patient care coordination, improved communication among healthcare teams, and swifter access to updated health information.
