Kettering Health Struggles to Recover Weeks After Ransomware Attack

Kettering Health, a major healthcare network in Ohio, is still recovering from a ransomware attack that caused a system-wide technology outage nearly two weeks ago. This cyberattack severely disrupted their electronic health record (EHR) systems, forcing staff to revert to manual, paper-based processes to manage patient care.

On Monday, Kettering Health announced the restoration of core components of their Epic EHR system, enabling them to update and access electronic health records again. This restoration is crucial for facilitating communication among care teams and coordinating patient treatment effectively.

However, patients continue to face significant challenges. Many report being unable to call doctors’ offices, difficulties obtaining medication refills, and closures of some emergency rooms. One patient described the situation as "everything being done by hand pen and paper," underscoring the operational strain on healthcare staff.

Local community forums reveal further impacts: patients risk withdrawal seizures due to delayed medication refills, ambulances avoid Kettering due to slow patient intake, and critical procedures like MRIs, cancer follow-ups, and chemotherapy sessions have been canceled or postponed.

Kettering Health’s senior vice president of emergency operations confirmed the incident as a ransomware attack and stated that no ransom was paid. The organization proactively shut down its IT infrastructure to contain the breach. The ransomware gang, reportedly called Interlock, has not publicly claimed responsibility, suggesting ongoing ransom negotiations.

This attack is part of a disturbing trend targeting healthcare providers. In 2024, Change Healthcare suffered the largest healthcare data breach in U.S. history, affecting 190 million people. Similarly, Ascension disclosed a ransomware attack that compromised 5.6 million patient records. Experts describe 2024 as an "annus horribilis" for healthcare cybersecurity.

The Kettering Health incident highlights the critical need for robust cybersecurity measures in healthcare. The reliance on electronic systems for patient care coordination means that any disruption can have life-threatening consequences. As ransomware attacks grow more sophisticated, healthcare organizations must prioritize resilience and rapid recovery strategies.

Lessons from Kettering Health’s Ransomware Attack

Healthcare providers can draw several key lessons from this incident:

• Implement comprehensive cybersecurity protocols including regular system audits and employee training to prevent breaches.
• Develop and routinely test incident response plans to minimize downtime and maintain critical operations during attacks.
• Invest in secure, redundant systems to ensure continuity of care even when primary systems are compromised.
• Engage with cybersecurity experts to stay ahead of emerging threats and tailor defenses to healthcare-specific risks.

The Kettering Health ransomware attack is a stark reminder that in healthcare, cybersecurity is not just an IT issue—it’s a patient safety imperative. Organizations must act decisively to protect their systems and the people who depend on them.