Ransomware gang claims responsibility for Kettering Health hack

A ransomware collective has publicly acknowledged its role in the cyberattack on Kettering Health, a network of hospitals and medical facilities located in Ohio. This incident, which occurred two weeks ago, has left the healthcare system grappling with the aftermath as it works to restore its computer systems that were forcibly shut down. The group, known as Interlock, emerged on the scene last September, specifically targeting U.S. healthcare organizations. They announced on their dark web platform that they had successfully exfiltrated over 940 gigabytes of sensitive data from Kettering Health. CNN initially reported on May 20 that Interlock was linked to the breach, although the group had yet to claim responsibility at that time. Typically, a delay in claiming responsibility suggests that the perpetrators are attempting to negotiate a ransom while threatening to release the stolen data. Interlock's recent admission may imply that these negotiations have stalled. John Weimer, Kettering Health’s senior vice president of emergency operations, previously stated that the organization has not paid any ransom to the hackers. Kettering Health's spokesperson, TK, declined to comment when approached by TechCrunch. Meanwhile, Interlock did not respond to inquiries sent to the email address listed on their dark web site. A preliminary analysis of the leaked files indicates that the hackers accessed a wide range of information from Kettering Health’s internal network, including private health records such as patient names, identification numbers, and clinical summaries from medical professionals, detailing aspects like mental status, medication, and health concerns. The stolen data also encompasses employee information and contents from shared drives, with some folders containing sensitive documents related to the Kettering Health Police Department, including background checks and polygraph results. In a recent update regarding the cyberattack, Kettering Health announced that it has successfully restored key components of its electronic health record system, provided by Epic Systems. This achievement is deemed a significant milestone in the organization's recovery efforts and is crucial for resuming normal operations, enabling improved access to electronic health records and enhancing coordination of patient care among medical teams.