Ohio-based Kettering Health recently faced a cyber incident that disrupted some of its services, leading to a concerning development where fraudsters began calling patients and requesting credit card payments for medical expenses. This incident caused a network cyber attack that limited access to patient care systems across Kettering’s extensive network of medical facilities.
The cyber attack resulted in a call center outage and the cancellation of elective surgeries, as explained in an online statement by the health system. Despite these challenges, emergency rooms and clinics remained open to continue providing essential care to patients. The threat actors behind the attack posted a ransom note on the health system’s network, threatening to leak sensitive data unless an extortion fee was paid.
In response to the scam calls made to patients, Kettering Health announced that it would not be making any payment-related calls over the phone until further notice, ensuring patient safety and security. The incident highlighted the growing trend of healthcare organizations being targeted by cybercriminals due to the valuable data they possess. Responding to extortion demands can put patient safety at risk, making it essential for providers to have robust cybersecurity measures in place.
Researchers have observed cyber attackers using sophisticated tactics like double extortion attacks with ransomware such as Interlock. These attackers target businesses across various sectors, including healthcare, technology, government, and manufacturing. To protect against such threats, regular product security assessments and participation in threat intelligence sharing programs are crucial for staying ahead of cyber adversaries.
In light of the increasing incidents of ransomware attacks targeting healthcare organizations, industry experts emphasize the importance of shifting from reactive responses to proactive defense strategies. This requires a concerted effort to enhance cybersecurity measures and stay vigilant against evolving cyber threats.
Overall, the cyber incident at Kettering Health serves as a reminder of the critical need for healthcare organizations to prioritize cybersecurity measures to safeguard patient data and ensure uninterrupted delivery of care services. By staying proactive and implementing robust security protocols, healthcare providers can mitigate the risks posed by cyber threats and protect the integrity of their operations.
