Kettering Health, a major healthcare provider, fell victim to a ClickFix attack linked to the Interlock ransomware group, resulting in a significant data breach. The attack exploited social engineering tactics, tricking employees into executing malicious scripts via browser-based lures (e.g., fake CAPTCHAs or error-fixing prompts). The malicious payload was copied to the clipboard via obfuscated JavaScript and executed locally, bypassing traditional email security and endpoint detection. The breach compromised sensitive patient and employee data, including medical records, financial details, and personally identifiable information (PII). The attack leveraged SEO poisoning and malvertising via Google Search, evading conventional phishing defenses. Despite EDR (Endpoint Detection and Response) being the last line of defense, the obfuscated, user-initiated commands delayed detection, allowing the ransomware to encrypt critical systems. The incident disrupted healthcare operations, risked patient safety due to delayed treatments, and exposed Kettering Health to reputational damage, financial penalties, and potential legal liabilities. The breach underscored vulnerabilities in both technical controls and user awareness, particularly against browser-based, fileless attacks.

Kettering Health Hit by Cyberattack in Latest Healthcare Sector Breach Kettering Health, a major healthcare provider serving the Greater Cincinnati and Northern Kentucky region, has confirmed a cyberattack disrupting its operations. While details remain limited, the incident highlights the ongoing vulnerability of healthcare systems to digital threats. The attack was disclosed amid a broader wave of cyber incidents targeting medical institutions, where sensitive patient data and critical infrastructure are prime targets. Kettering Health has not released specifics on the nature of the breach, the extent of compromised data, or the attackers’ motives. However, such incidents often involve ransomware, data theft, or operational disruptions. Healthcare cyberattacks can delay patient care, expose confidential records, and incur significant financial and reputational costs. Kettering Health joins a growing list of providers forced to navigate recovery efforts while maintaining essential services. The incident underscores the persistent risks faced by the sector, even as organizations invest in cybersecurity defenses. No timeline for full restoration has been provided, and investigations are ongoing. Further updates are expected as the situation develops.

Kettering Health, a major Ohio-based hospital network with 14 medical centers and over 1,800 medical professionals, suffered a ransomware attack on May 20, 2025, executed by the Interlock ransomware group (RaaS model). The attack triggered a comprehensive IT failure, forcing the cancellation of all elective procedures, disrupting patient care systems, and placing emergency departments on diversion status—redirecting ambulances to other facilities. The incident involved lateral movement via RDP, potential use of malicious DLLs (rundll32.exe), and double extortion (data encryption + theft). Scam calls targeting patients for credit card details were reported, suggesting data exfiltration. Neighboring hospitals, like Premier Health, declared a ‘code yellow’ due to increased patient influx. The attack severely impacted operational continuity, patient safety, and regional healthcare resilience, with recovery efforts ongoing alongside cybersecurity teams. The long-term risks include follow-up financial fraud, reputational damage, and potential regulatory penalties for compromised patient data.

Kettering Health, a major Ohio-based healthcare network with multiple medical and emergency centers, suffered a severe ransomware attack leading to a system-wide technology outage lasting over two weeks. The attack disrupted electronic health records (Epic system), forcing staff to revert to manual (pen-and-paper) operations. Critical services were severely impacted: emergency rooms closed, medication refills delayed (risking patient seizures), ambulances diverted due to prolonged wait times, and life-saving procedures canceled—including MRIs, cancer follow-ups, open-heart surgery prep, and chemotherapy. Phone lines and digital communications failed, leaving patients unable to contact doctors. While Kettering restored core EHR functions, the Interlock ransomware gang claimed responsibility, stating they had compromised and secured vital files. The attack mirrors a broader 2024 trend of devastating healthcare breaches, though Kettering has not confirmed data exfiltration or the scope of stolen records. The operational chaos threatened patient safety, with some facing potentially fatal delays in critical treatments.