Ransomware Attack Causes System-Wide Outage at Kettering Health

Kettering Health, a major healthcare provider in Ohio, suffered a significant system-wide technology outage on Tuesday, May 20, 2025, following a ransomware attack that compromised its network infrastructure.

The incident, described as a “cybersecurity incident resulting from unauthorized access,” led to the immediate cancellation of all elective inpatient and outpatient procedures across its 14 medical centers and more than 120 outpatient facilities.

The outage also brought down the hospital’s call center and patient portal, MyChart, limiting patient communication and access to health information.

A ransom note, reportedly left by the attackers and reviewed by multiple news outlets, stated, “Your network has been breached, and we have taken control of your most crucial files,” threatening to leak sensitive data online unless negotiations for payment begin.

The ransomware group Interlock is believed to be behind the attack, using advanced techniques to lock down critical systems and demand extortion.

Impact on Patient Care and Emergency Response

The outage severely limited access to key patient care systems, including the Electronic Health Record (EHR) system, disrupting clinicians’ ability to retrieve or update patient data.

As a result, Kettering Health activated its downtime procedures, reverting to manual documentation methods to maintain continuity of care for patients currently admitted.

According to health IT definitions, such an event qualifies as a “cybersecurity incident,” involving unauthorized hacking and malicious code that adversely affects system availability and operability.

While elective procedures were postponed and will be rescheduled, emergency rooms and clinics remained operational.

However, the disruption prompted local emergency services to divert ambulances to alternative hospitals, such as those in the Premier Health Network, to manage patient flow and ensure critical care was not compromised.

Premier Health declared a “code yellow,” anticipating increased patient volumes due to these diversions.

Kettering Health emphasized its commitment to patient safety, stating, “We have procedures and plans in place for these types of situations and will continue to provide safe, high-quality care for patients currently in our facilities”.

The Greater Dayton Area Hospital Association highlighted the importance of preparedness, noting that hospitals regularly train for digital disruptions through coordinated drills and downtime protocols.

Technical Aspects and Recovery Efforts

The ransomware attack leveraged sophisticated malware to gain unauthorized access, encrypting vital data and potentially exfiltrating sensitive information for additional leverage.

Such attacks often exploit vulnerabilities in network segmentation, outdated software, and insufficient backup strategies, as seen in similar incidents worldwide.

The malware’s adaptive encryption and evasion tactics made detection and containment challenging, necessitating the involvement of third-party cybersecurity experts to assist in recovery and forensic analysis.

Kettering Health’s IT and leadership teams are actively working to restore services “quickly and securely,” collaborating with cybersecurity firms to contain the breach and investigate its scope.

The organization has also warned the public about unrelated scam calls requesting payment for medical expenses, urging vigilance and reporting of suspicious activity to law enforcement.

As the investigation continues, Kettering Health will provide ongoing updates to the community.

The incident underscores the growing threat of ransomware in the healthcare sector, where operational continuity and patient safety hinge on robust cybersecurity measures and rapid incident response protocols.

For further updates, patients and community members are encouraged to visit the official Kettering Health website.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates