The ransomware gang argued for responsibility for the Hacks of Kettering Health, a network of Ohio hospitals, clinics and medical centers. Healthcare systems are still recovering two weeks after a ransomware attack forced them to shut down all their computer systems.
Interlock, a relatively new ransomware group that has targeted US healthcare institutions since September 2024, has published a post on its official dark website, claiming it had stolen more than 940 gigabytes of data from Kettering Health.
CNN first reported on May 20 that interlocks were behind a violation of Kettering Health. However, at the time, Interlock had no public credibility. Usually, that means that cybercriminals are trying to force a ransom from the victim and threaten to release the stolen data. The fact that interlocks are coming in the future could indicate that negotiations are not going anywhere.
Do you have more information about the Kettering Health ransomware incident? Or other ransomware attacks? From unprocessed devices and networks, you can safely contact Lorenzo Franceschi-Bicchierai with a signal of +1 917 257 1382, via Telegram and Keybase @lorenzofb, or by email.
John Weimer, Kettering Health's Senior Vice President of Emergency Business, told local media that healthcare companies had not previously paid ransom to hackers.
Kettering Health spokesman TK did not provide any comment when TechCrunch reached on Wednesday.
Interlock did not respond to requests for comments sent to email addresses listed on its dark website.
A brief review of some files in some file interlocks published on dark websites appears to indicate that hackers were able to steal a set of data from Kettering Health's internal network, including private health information written by doctors, including categories such as mental state, medicine, medical, health concerns, and other categories. Other stolen data include employee data and the contents of the shared drive.
One of the folders contains documents such as background files, polygraphs, and other personal identification information from police officers at the Kettering Health Police Station.
Kettering Health released an update on Monday about the cyberattacks, saying the company can restore “core components” of the electronic health records system provided by healthcare software company Epic. The company said this is “a major milestone in our broader restoration efforts and an important step to return to normal operations.” This allowed us to “renew and access electronic health records, promote communication between care teams, and adjust patient care more quickly and clearly.”