Skip to main content

Kettering Health Ransomware Attack Investigation

Written by Joseph Lyon on . Posted in Data Breach.

The data breach lawyers at The Lyon Firm are investigating the recent ransomware attack reported at Kettering Health, the Dayton, Ohio, healthcare network that operates 14 medical centers. The alleged cyberattack caused a system-wide technology outage and fears are growing that the bad actors acquired a large amount of personal and health information from current and former patients.

Contact our legal team if you believe your personal data may have been compromised as a result of this data security incident. Our Ohio attorneys have filed numerous data breach lawsuits on behalf of plaintiffs and we represent clients in a wide range of privacy litigation.

What happened at Kettering Health?

This recent cyber intrusion investigation is still ongoing, and more details should emerge in the coming weeks.  Kettering Health has been forthcoming, but the organization cannot yet confirm or deny that personal data was stolen. The healthcare system, however, did confirm that the outage was caused by a cyberattack.

Kettering Health manages emergency centers and over 120 outpatient facilities across western Ohio. In a statement published on its website, the entity confirmed that a cybersecurity attack has affectedthe call center and some patient care systems. After the May 20 cybersecurity incident disrupted the health system’s electronic systems, some patients were diverted to other hospitals.

A statement posted on the Kettering website reads, “We are currently experiencing a cybersecurity incident resulting from unauthorized access to our network. We have taken steps to contain and mitigate this activity and are actively investigating and monitoring the situation. We will continue to provide updates as appropriate.”

Cyber threat intelligence company PRODAFT told BleepingComputer that Nefarious Mantis (part of the Interlock cluster) may be behind the Kettering Health breach. Nefarious Mantis is apparently known for targeting healthcare and biotechnology organizations. CNN also reported that the Interlock ransomware operation could be responsible for the attack. Kettering has already reported receiving notifications of individuals impersonating its staff and requesting credit card payments for medical expenses.