
Interlock ransomware group claims Kettering Health cyberattack
Kettering Health confirmed that it eradicated the tools and persistence mechanisms used by the Interlock ransomware group from its systems.
UPDATE 6/5/2025 -- Kettering Health said it has reason to believe that the Interlock ransomware group launched the cyberattack against its systems.
"This prompted an immediate and comprehensive response to ensure the security of our systems and the integrity of our data," Kettering Health said.
Interlock is an emerging ransomware group that first appeared in late 2024.
As of June 6, 2025, Kettering Health had eradicated Interlock's tools from its systems and conducted a full review of impacted systems. The organization also said that all updates and patches were in place.
"We have strong confidence that our network-connected devices are secure, and our connections to our partners are fully protected," the health system stated. "Our primary focus has shifted to ensuring that patients can reliably communicate, schedule, and receive all types of care from Kettering Health."
---
UPDATE 6/2/2025 -- On the morning of June 2, 2025, Kettering Health made progress toward system-wide restoration by launching the core components of its Epic EHR system. The Ohio health system experienced a system-wide outage beginning May 20 that disrupted access to patient care systems and resulted in inpatient and outpatient procedure cancellations.
"Over 200 individuals -- including Kettering Health Information Systems team and clinical team members as well as partners from Epic -- worked to reach this point," the health system said. "This launch reestablishes Kettering Health's ability to update and access electronic health records, facilitate communication across care teams, and coordinate patient care with greater speed and clarity."
In addition to restoring access to its EHR system, Kettering Health said it continues to bring inbound and outbound calling to its facilities, as well as MyChart.
On May 30, Kettering Health CEO Mike Gentry provided an update to staff regarding the influx of targeted spam calls that Kettering Health employees, partners and community members had been receiving since the incident began. Gentry urged staff and the public not to click links or open attachments, to hang up immediately if contacted via phone and to report suspicious messages to the police.
As restoration efforts continue, Kettering Health emergency departments are now off diversion and the system's primary care locations are back to providing walk-in care to established patients.
---
5/21/2025 -- Kettering Health is responding to a cyberattack that caused a system-wide technology outage, resulting in inpatient and outpatient procedure cancellations. Kettering Health operates 14 medical centers and more than 120 outpatient facilities across western Ohio.
According to a statement posted on its website, Kettering Health began experiencing a system-wide outage on the morning of May 20, 2025, which limited its ability to access certain patient care systems.
As a result, all elective inpatient and outpatient procedures across all Kettering Health facilities were cancelled for May 20. The health system's call center also experienced an outage. Although elective procedures were cancelled, the organization's emergency rooms and clinics remained open for patient care.
Later in the morning on May 20, Kettering Health confirmed that the outage was caused by a cyberattack resulting from unauthorized access to its network.
"We have taken steps to contain and mitigate this activity and are actively investigating and monitoring the situation," Kettering Health stated. "We will continue to provide updates as appropriate."
In addition to suffering an outage, Kettering Health warned patients that scam calls had occurred in connection with the outage. In the calls, people claiming to be Kettering Health employees requested payments for medical expenses.
"While it is customary for Kettering Health to contact patients by phone to discuss payment options for medical bills, out of an abundance of caution, we will not be making calls to ask for or receive payment over the phone until further notice," the organization said, encouraging patients who receive scam calls to report them to local law enforcement.
This story will be updated as more information becomes available.
Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.