Opened digital padlock showing ransomware attack caused system outage

System Outage From an Apparent Interlock Ransomware Attack Disrupts Operations at Kettering Health

A system outage stemming from an apparent ransomware attack disrupted clinical operations at Kettering Health, forcing the healthcare network to cancel and reschedule elective operations.

According to its website, Kettering Health operates a network of 14 medical centers and over 120 outpatient facilities across Ohio, employing more than 15,000 people, including over 1,800 physicians.

“Earlier this morning, Kettering Health experienced a system-wide technology outage which limited our ability to access certain patient care systems across the organization,” the healthcare provider stated.

Kettering responded by engaging multiple teams to restore the impacted systems and promising that it had existing resiliency plans to address similar incidents and ensure “safe, high-quality care for patients.”

System outage disrupts clinical operations at Kettering Health

While Kettering promised continued service delivery, it later announced the indefinite cancellation and rescheduling of elective inpatient and outpatient procedures due to the system outage.

“Elective inpatient and outpatient procedures at Kettering Health facilities have been canceled for today, Tuesday, May 20. These procedures will be rescheduled for a later date and more information will be provided on this as updates are available,” the company said.

Kettering Health CEO Mike Gentry later clarified that the delay would typically take between 10 and 20 days, and the system outage primarily affected appointments made through IT systems.

The healthcare network also reported that the system outage had rendered its call center unavailable, suggesting that the ransomware attack was worse than initially thought. Three days later, Kettering provided temporary lines for patients with emergency medical questions.

“The broader implications of ransomware attacks on critical healthcare organizations like Kettering Health extend far beyond IT disruptions—they pose serious risks to patient safety, public health, and national resilience,” noted Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka. “When clinical systems are locked or data is compromised, essential treatments can be delayed, diagnostics interrupted, and emergency responses hindered.”

Meanwhile, its emergency rooms and clinics continued to operate normally and attend to patients due to the implementation of downtime processes and procedures. Kettering Health also promised that its teams were working relentlessly to resolve the system outage.

It also warned potential victims about scammers impersonating its staff and requesting financial information, such as credit card numbers, to settle medical expenses.

“While it is customary for Kettering Health to contact patients by phone to discuss payment options for medical bills, out of an abundance of caution, we will not be making calls to ask for or receive payment over the phone until further notice,” said Kettering Health.

It remains unclear if patient information was leaked during the apparent ransomware attack or whether the ongoing scam was related to the cyber incident. Nonetheless, Kettering Health advised individuals receiving scam calls to report them to law enforcement authorities.

Interlock attributed to the Kettering ransomware attack

So far, the Ohio-based healthcare provider has not attributed the system outage to a ransomware attack. Similarly, the identity of the threat actor behind the system outage also remains unreported, and no group has claimed responsibility for the apparent Kettering ransomware attack.

However, third-party sources have attributed the Kettering ransomware attack to the Interlock ransomware group.

“Your network was compromised, and we have secured your most vital files,” reads the ransom note seen by CNN.

However, Kettering refused to comment about the threat actor’s identity, and the ransomware group has not publicly taken responsibility, suggesting that ransom negotiations were ongoing.

“Healthcare organizations like Kettering store a wealth of data – personal, medical and financial – making them lucrative targets for cybercriminals,” said Patrick Tiquet, Vice President, Security & Architecture at Keeper Security. “Healthcare organizations often operate under intense time pressure and limited resources, prioritizing patient care over cybersecurity investments. The combination of high-value data, operational urgency and budget constraints creates an ideal attack surface for threat actors, making cybersecurity a non-negotiable imperative for any healthcare organization.”