Kettering Health, a network with numerous medical and emergency centers in Ohio, is working to recover and return to normal operation two weeks after ransomware attacks prompt a “system-wide technology outage.”
Kettering Health said in an update on Monday that it has restored the “core components” of the electronic health record system provided by EPIC.
A patient who said he frequently relies on Kettering Health told TechCrunch that they and others were unable to call the doctor's office, problems with restocking medications, and several emergency rooms were closed.
“It's all done with hand pens and paper,” the patient said.
Do you have more information about the Kettering Health ransomware incident? Or other ransomware attacks? From unprocessed devices and networks, you can safely contact Lorenzo Franceschi-Bicchierai with a signal of +1 917 257 1382, via Telegram and Keybase @lorenzofb, or by email.
Others say these issues must be addressed in local subreddits. For example, a Subreddit post in Dayton, Ohio said that patients had problems with drug restocking, but without it there was a risk of a “withdrawal attack” and could not call the doctor because the phone line had dropped. Another wrote over the weekend, “It's all still on paper, and there's no computers or any uneven phone service.”
“I avoid using kettering if possible,” they wrote.
Another user said, “An ambulances avoid kettering because they have to take too long to throw away patients for paper charting and labeling.”
Others said MRI, cancer follow-up, pre-opening heart surgery examinations and chemotherapy sessions had been cancelled.
Last week, John Weimer, senior vice president of emergency operations at Kettering Health, told local television stations that the healthcare company believes the incident was a ransomware attack and has not paid the ransom.
“As soon as this happened, we shut down our IT infrastructure, which essentially means blocking the door to the world,” Weimer told WLWT Cincinnati.
A Kettering Health spokesman did not respond to a series of questions from TechCrunch, including whether the hackers removed the data, and, if so, what kind of data was retrieved.
“Your network has been compromised and you've secured the most important files,” says a ransom memo from hackers. The news network reported that the attack was carried out by a gang known as interlocks. The ransomware gang has yet to publicly praise the cyber attacks, suggesting that hackers may be trying to negotiate ransom payments.
Kettering is the latest in a range of healthcare companies targeted by hackers with both ransomware and other types of malware. In 2024, ransomware attacks on changes to a health technology company owned by UnitedHealth became the worst healthcare breach in US history. The HealthCare change confirmed in January 2025 that the violation affected 109 million people across the United States.
And last year, US healthcare giant Ascension revealed that hackers stole 5.6 million patient records in ransomware attacks. The Healthcare News website, HIPAA Journal, was called the 2024 “Annus horribilis for Healthcare Data Breaches,” and was a record number of patients stolen data.
Kettering Health spokesman Claire Myree confirmed, but did not respond to TechCrunch's request for comment.