Kettering Well being, a community with dozens of medical and emergency facilities in Ohio, remains to be working to recuperate and return to regular operations two weeks after a ransomware assault prompted “a system-wide know-how outage.”
On Monday, Kettering Well being stated in an replace that it had restored “core elements” of its digital well being report system offered by Epic, which re-established the corporate’s “means to replace and entry digital well being information, facilitate communication throughout care groups, and coordinate affected person care.”
A affected person who stated they steadily depend on Kettering Well being informed information.killnetswitch that they and others can’t name into docs’ places of work, are having bother getting treatment refills, and a few emergency rooms are closed.
“All the pieces is being completed by hand pen and paper,” the affected person stated.
Contact Us
Do you will have extra details about Kettering Well being’s ransomware incident? Or different ransomware assaults? From a non-work machine and community, you may contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, or through Telegram and Keybase @lorenzofb, or electronic mail.
Others say they’re having to cope with these points on native subreddits. In a submit on the Dayton, Ohio, subreddit, for instance, a affected person stated they have been having bother refilling treatment, with out which they risked having “a withdrawal seizure,” and couldn’t name their physician as a result of cellphone traces have been down. One other individual wrote over the weekend that “all the pieces remains to be on paper, no computer systems and spotty cellphone service.”
“I’d keep away from utilizing Kettering proper now if doable,” they wrote.
One other consumer stated that “ambulances are nonetheless avoiding Kettering as a result of they’ve to attend too lengthy to dump sufferers resulting from paper charting and label making.”
Others stated they’d their MRIs, most cancers followups, assessments earlier than open-heart surgical procedure, and chemotherapy classes cancelled.
Final week, Kettering Well being’s senior vice chairman of emergency operations John Weimer informed an area TV station that the healthcare firm believed the incident was a ransomware assault, and that it had not paid a ransom.
“As quickly as this was realized, we did shut down our IT infrastructure, which basically means we shut off our door to the world,” Weimer informed WLWT Cincinnati.
A spokesperson for Kettering Well being didn’t reply to a sequence of questions from information.killnetswitch, together with whether or not the hackers exfiltrated knowledge, and in that case, what varieties of knowledge have been taken.
“Your community was compromised, and we’ve secured your most important information,” stated the ransom observe from the hackers, based on CNN. The information community reported that the assault was carried out by a gang referred to as Interlock. The ransomware gang has not but publicly taken credit score for the cyberattack, suggesting the hackers should still be making an attempt to barter a ransom cost.
Kettering is the most recent in a sequence of healthcare corporations focused by hackers, each with ransomware and different varieties of malware. In 2024, a ransomware assault on UnitedHealth-owned well being tech firm Change Healthcare turned the worst healthcare breach in U.S. historical past. Change Healthcare confirmed in January 2025 that the breach impacted 190 million folks throughout the USA.
Additionally final yr, U.S. healthcare large Ascension disclosed that hackers had stolen 5.6 million affected person information in a ransomware assault. Healthcare information web site HIPAA Journal referred to as 2024 “an annus horribilis for healthcare data breaches,” with a report variety of sufferers’ stolen knowledge.
Kettering Well being spokesperson Claire Myree acknowledged however didn’t reply to information.killnetswitch’s request for remark.
