On May 20, 2025, Kettering Health experienced a system-wide technology outage caused by a ransomware attack, disrupting services across its 14 medical centers in Ohio. The incident led to the cancellation of elective inpatient and outpatient procedures, disabled the system’s call center and interrupted access to patient portals such as MyChart. Emergency rooms and outpatient clinics remain open.
Kettering Health said it activated contingency protocols to maintain patient care and is actively investigating the cyber incident. Ambulances are being diverted from Kettering emergency departments, and the Greater Miami Valley EMS Council confirmed regional coordination is underway.
Premier Health, a neighboring provider, reported increased patient volumes and noted disruptions in intersystem communication.
Ransomware is malicious software that encrypts or locks data until a ransom is paid. According to CNN, a ransom note viewed by the outlet claimed Kettering Health’s network had been compromised, with sensitive data allegedly exfiltrated. The note linked to a negotiation site associated with the Interlock ransomware group and threatened to leak the data unless contact was made within a specified timeframe.
The Dayton Daily News reported that attackers warned of publishing data on the dark web — a part of the internet not indexed by standard browsers — if negotiations were not initiated within 72 hours. Kettering acknowledged unauthorized access to its network but declined to comment further on the ransom note or attribution.
Federal agencies typically involved in healthcare-related cyber responses — namely the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) — have been contacted for comment, according to CNN.
Related: Healthcare Cybersecurity Bill Proposed to Tackle Growing Threats
As health systems manage growing volumes of sensitive data and rely heavily on interconnected platforms for care delivery, incidents like this expose operational, regulatory and clinical vulnerabilities across the sector.
From 2018 to 2024, US healthcare providers reported more than 650 ransomware attacks, affecting nearly 89 million records and resulting in billions in response costs, according to Comparitech.
The FBI’s 2024 Internet Crime Complaint Center (IC3) report identified ransomware as one of the top threats to critical infrastructure, with 4,878 complaints filed from sectors including healthcare.
While IC3 tracked only $12.5 million in reported ransomware losses for 2024, the agency notes this excludes costs related to downtime, recovery and third-party remediation — factors that significantly elevate total impact.
Industry estimates place the average cost of ransomware-related downtime at $1.9 million per day, with 2024 recovery periods averaging 18 days.
The February 2024 Change Healthcare breach alone compromised 100 million records and cost $2.4 billion. And Ascension Health’s recovery cost was purported to reach $1.6 billion following its May 2024 ransomware incident.
The most active ransomware groups targeting healthcare in early 2025 include Interlock, RansomHub, Qilin, Medusa and INC — many of which operate under ransomware-as-a-service (RaaS) models. FBI reporting confirms continued activity from LockBit and RansomHub, reflecting a broad and persistent risk environment.
Not only are healthcare organizations taking longer to recover from cyberattacks, but recovery timelines are also worsening.
According to Sophos’ State of Ransomware in Healthcare 2024 report, only 22% of healthcare organizations regained access to systems within one week in 2024, down from 54% in 2022. Double extortion tactics — where data theft is used alongside encryption to increase leverage — are now common, even when backups are in place.
Healthcare remains among the most frequently targeted sectors due to its dependence on digital infrastructure, widespread use of legacy systems and the urgency of uninterrupted care.
While agencies like the FBI, HHS and CISA often support breach investigations, delays in reporting and limited breach data continue to hinder response efforts.
In 2024, Ohio, home to Kettering Health, ranked among the top 10 US states for cybercrime complaints and among the top 15 for total reported cyber losses.
If you want your company to be featured on Xtalks.com, please email [email protected].
Join or login to leave a comment
JOIN LOGIN