Ransomware Gang Leaks Alleged Kettering Health Data

Ransomware Gang Leaks Alleged Kettering Health Data

The Interlock ransomware gang has published 941 GB of data allegedly stolen from the Ohio healthcare network Kettering Health.

Roughly two weeks ago, the non-profit organization announced cancelling patient procedures while dealing with a system-wide outage caused by a cyberattack.

The incident made certain patient care systems across the network inaccessible and impacted the organization’s call center, but the healthcare provider kept emergency rooms and clinics open.

Within a week, Kettering Health announced that patients could come to their appointments as scheduled, and that walk-in care could be provided to established patients.

After progressively restoring the full operations of emergency departments and other patient care services, the organization said on Monday that it “successfully launched the core components of its Epic electronic health record (EHR) system”.

“This launch reestablishes Kettering Health’s ability to update and access electronic health records, facilitate communication across care teams, and coordinate patient care with greater speed and clarity. This is a significant step forward in our system-wide restoration,” the organization said.

On Wednesday, the Interlock group added Kettering Health to its Tor-based leak site, confirming initial speculation that it was responsible for the attack.

While the healthcare provider has kept mum on the type of cyberattack it fell victim to, it appears that it did not give in to the threat actor’s extortion attempts and did not pay a ransom.

Interlock boasted about stealing 941 GB of data from the organization, including ID cards, financial reports, payment data, and more. In total, 732,490 files across 20,418 folders were exfiltrated, the ransomware group claims.

Advertisement. Scroll to continue reading.

SecurityWeek has emailed Kettering Health for a statement and will update this article if the organization responds.

Active since at least October 2024, Interlock is believed to have made roughly 40 victims to date, including kidney dialysis firm DaVita, National Presto Industries, and Texas Tech University. NodeSnake RAT infections at two universities in the UK appear linked to Interlock as well.

Related: MATLAB Maker MathWorks Recovering From Ransomware Attack

Related: Australia Enforces Ransomware Payment Reporting

Related: Alleged Conti, TrickBot Gang Leader Unmasked

Related: Production at Steelmaker Nucor Disrupted by Cyberattack


Source link