US-based healthcare provider Kettering Health was forced to cancel patient appointments following a cyber attack which caused a company-wide outage.
Kettering Health operates 14 medical centers and over 100 outpatient locations across the state of Ohio. In a statement confirming the outage on Tuesday 20th, the non-profit said the attack severely impacted call center operations and a number of patient care systems.
“Elective inpatient and outpatient procedures at Kettering Health facilities have been canceled for today Tuesday, May 20,” the company said.
“These procedures will be rescheduled for a later date and more information will be provided on this as updates are available. In addition, our call center is experiencing an outage and may not be accessible.”
In the wake of the attack, Kettering Health warned patients to be wary of potential phishing scams as threat actors look to capitalize on the disruption.
The provider told patients to never share financial details in the event they are contacted and report any cases to law enforcement.
“While it is customary for Kettering Health to contact patients by phone to discuss payment options for medical bills, out of an abundance of caution, we will not be making calls to ask for or receive payment over the phone until further notice,” the firm said.
Who’s behind the Kettering Health attack?
According to reports from CNN, the Interlock ransomware group has claimed responsibility for the attack, with the group threatening to leak stolen information if it fails to pay a ransom.
“Your network was compromised, and we have secured your most vital files,” read a ransom note seen by reporters at the publication.
Interlock is a relatively new ransomware group, but has quickly risen to prominence since first bursting onto the scene in late 2024. Rebecca Moody, head of data research at Comparitech, said the group first began adding victims to its data leak site in October 2024.
“As with most ransomware gangs today, it seeks a ransom payment for the decryption of systems and the deletion of stolen data,” she said.
Moody added that since October last year, Comparitech has tracked 16 confirmed attacks by the group and an additional 17 unconfirmed attacks that “haven’t been acknowledged by the organizations in question”.
The company has previously targeted healthcare organizations in the US, having claimed responsibility for a breach on DaVita, a kidney care provider that operates across the United States.
Most recently, Interlock was identified as the group behind an attack on a local authority’s school networks in Scotland. The local council for West Lothian, which is located on the outskirts of Edinburgh, confirmed the attack earlier this week.
The group has since leaked 3.3 million files on the dark web, according to reports from Edinburgh-based publication, Futurescot.
MORE FROM ITPRO
Source link
-
-
-
-
-
-
-
-
