Interlock Ransomware Attack on Kettering Health Exposes Healthcare’s Digital Breaking Point

What began two weeks ago as a sudden digital blackout across Kettering Health’s network has now escalated into a grim case study in the rising human toll of ransomware. The Interlock ransomware gang has publicly claimed responsibility for the Ohio-based healthcare system breach, releasing what it says is 940 gigabytes of stolen data—patient records, internal communications, and even law enforcement files—onto the dark web.

For the sprawling regional hospital network, which includes medical centers, outpatient clinics, and emergency services, the fallout is still unfolding. Core parts of its Epic-powered electronic health record (EHR) system have only just come back online, and the organization remains silent on whether any ransom was ever seriously considered. Kettering Health’s emergency operations chief previously told local media no payment was made.

But the deeper concern now isn’t just data—it’s lives.

“Ransomware is designed to hurt—to disrupt operations, to create chaos, to squeeze victims for cash when they’re in their most desperate hour,” said Jon Miller, co-founder and CEO of cybersecurity firm Halcyon. “But when that chaos hits a hospital, it’s not just some IT headache or an inconvenient return to pen and paper, it’s a public health crisis. You’re talking about delayed treatments, canceled surgeries, and patients who can’t get the care they need.”

According to Miller, the consequences of cyberattacks on hospitals are quantifiable in more than downtime. “Real patients are paying the price. Missed chemo. Canceled MRIs. ERs closed. People begging for medication refills.”

Some of the leaked data reportedly includes patient mental health summaries, medication lists, and identifying information on Kettering Health’s police officers—signaling a full compromise of internal systems. Cybersecurity researchers reviewing the leaked samples confirm the data is likely authentic and extensive.

“Ransomware isn’t just an IT problem, it’s a patient care problem,” Miller added. “It’s about life and death. And until we treat it like the existential threat it is, we’re going to keep seeing hospitals buckle under the weight of attacks they’re not equipped to handle.”

The Interlock gang, which emerged in late 2024, has been increasingly active in the healthcare sector. Analysts believe the group is using double-extortion tactics—locking files while also threatening public exposure of sensitive data. The timing of their public claim, two weeks after the attack, suggests negotiations may have stalled or failed.

Miller also pointed to broader systemic risks. “There’s a blast radius. When one hospital goes dark, nearby providers are forced to absorb the overflow without extra staff, space, or resources. ERs get crushed, wait times explode, and even patients with unrelated emergencies suffer.”

Despite mounting evidence that ransomware attacks are contributing to higher mortality and complication rates—particularly in overstretched systems—healthcare security spending and preparedness continue to lag.

A recent study cited by Miller found that mortality among hospitalized Medicare patients increased by over 30% at ransomware-affected facilities. Between 2016 and 2021, these attacks may have played a role in as many as 67 patient deaths nationwide.

As of now, Kettering Health’s recovery continues with cautious updates and limited public statements. Interlock has not responded to media inquiries, and the stolen data remains accessible to anyone willing to browse its darknet portal.

For a country grappling with rising healthcare costs and a strained hospital workforce, the threat of ransomware now sits uncomfortably at the intersection of cybersecurity, public health, and national security. And unlike elective procedures or non-urgent upgrades, addressing it can no longer be postponed.