Ransomware gang claims responsibility for Kettering Health hack

Summary

A ransomware gang claimed responsibility for the hack on Kettering Health, a network of hospitals, clinics, and medical centers in Ohio. The healthcare system is still recovering two weeks after the ransomware attack forced it to shut down all its computer systems. Interlock, a relatively new ransomware group that has targeted healthcare organizations in the U.S. since September 2024, published a post on its official dark web site, claiming to have stolen more than 940 gigabytes of data from Kettering Health. CNN first reported on May 20 that Interlock was behind the breach on Kettering Health. At the time, however, Interlock had not publicly taken credit. Usually, that can mean the cybercriminals are attempting to extort a ransom from their victims, threatening to release stolen data. The fact that Interlock has now come forward could indicate that the negotiations have gone nowhere. Contact Us Do you have more information about Kettering Health’s ransomware incident? Or other ransomware attacks? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. Kettering Health’s senior vice president of emergency operations, John Weimer, previously told local media that the healthcare company had not paid the hackers a ransom. TK, a spokesperson for Kettering Health, did not provide comment when reached by TechCrunch on Wednesday. Interlock did not respond to a request for comment sent to an email address listed on its dark web site. A brief review of some of the files Interlock published on its dark web site appears to show the hackers were able to steal an array of data from Kettering Health’s internal network, including private health information, such as patient names, patient numbers, and clinical summaries written by doctors, which include categories such as mental status, medications, health concerns, and other categories of patient data. Other stolen da...