Ransomware gang claims responsibility for health hackers

A ransomware gang claims responsibility for Kettering Health in Ohio's network of hospitals, clinics and medical centers. The healthcare system is still recovering two weeks after the ransomware attack forced it to shut down all computer systems.

It is a relatively new ransomware group Interlock group that has targeted healthcare organizations in the U.S. since September 2024, and he published an article on its official Dark Web site claiming to have stolen more than 940 GB of data from Kettering Health.

CNN first reported on May 20 that the Internet violated Kettering's health. However, at the time, Interlock did not publicly praise it. Often, this could mean that cybercriminals are trying to extort ransom from their victims, threatening to release the stolen data. The fact that Interlock has stepped up now may indicate that negotiations are everywhere.

Contact Us

Do you have more information about the ransomware incidents in Kettering Health? Or other ransomware attacks? With non-working devices and networks, you can contact Lorenzo Franceschi-Bicchierai in a signal on +1 917 257 1382, or via Telegram and KeyBase @lorenzofb or email.

John Weimer, senior vice president of emergency operations at Kettering Health, had previously told local media that health care companies have not yet ransomed the hacker.

TK is a spokesperson for Kettering Health, and when TechCrunch commented on Wednesday, TK did not comment.

Interlock does not respond to a request for comment sent to the email addresses listed on its dark website.

A brief review of some of the documents posted on its dark website appears to suggest that hackers are able to steal a range of data from Kettering Health’s internal network, including private health information written by doctors, such as patient names, patient numbers and clinical summary, including categories such as mental status, medications, health issues and other patient data. Other stolen data include employee data and content on shared drives.

One of the folders contains documents such as background files, lie detectors and other privately identified police information from the Health Police Department.

On Monday, Kettering Health released the latest news about the cyber attack, saying the company was able to recover the “core components” of its electronic health record system, provided by healthcare software company Epic. The company said it is an “important milestone in our broader recovery efforts and a crucial step towards normal operations”, which allows it to “update and access electronic health records, facilitate communication across care teams, and coordinate patient care at higher speeds and clarity.”