Latest news with #Interlock
Yahoo
2 days ago
- Health
- Yahoo
Kettering Health Cyberattack: people concerned about how much sensitive info on dark web
People are concerned about how much sensitive information from patients is now on the dark web after the Kettering Health cyberattack. [DOWNLOAD: Free WHIO-TV News app for alerts as news breaks] A cyberattack threat analyst explains how the hackers got into the Kettering Health systems and essentially held them hostage today on News Center 7 Daybreak from 4:25 a.m. until 7 a.m. TRENDING STORIES: Multiple injuries after 6-vehicle crash on I-75 in Montgomery Co. 5 hospitalized after car submerges into pond, OSHP says Child flown to hospital after being hit by car in Greene Co. It is believed that Interlock, a hacking group, posted a terabyte of information on their website. As previously reported by News Center 7, Kettering Health said Thursday that it removed the tools Interlock used to gain access, enhanced network security, and patched vulnerabilities. As for the patients' information, a threat analyst told News Center 7 there is 'no immediate way you can remove it.' 'So, that information can reside on the dark web and ultimately find its way to the open web so anyone can see it,' Luke Connolly, Emisoft Threat Analyst, said. Kettering Health says its primary focus is ensuring that patients get in contact with them and get the care they need. The update provided by Kettering Health did not address News Center 7's questions seeking information on services and protections that might be offered to patients and employees now that sensitive information has been released. This is a developing story, and we will continue to update this page with new details. [SIGN UP: WHIO-TV Daily Headlines Newsletter]
Yahoo
3 days ago
- Health
- Yahoo
Kettering Health cyberattack; Hacker group claims responsibility, sensitive info put on dark web
All cybersecurity threats have been removed from Kettering Health systems Thursday, over two weeks after a cyberattack disabled most of the network's systems, according to a spokesperson. [DOWNLOAD: Free WHIO-TV News app for alerts as news breaks] Cybersecurity experts report information hackers obtained during the attack is now available on the dark web. News Center 7's Amber Jenkins talks with experts on what hackers can do with your data and how you can protect yourself and sensitive information LIVE on News Center 7 at 5:00 In an update sent to News Center 7 Thursday, the health network also reported security enhancements have been made to their secure systems, a thorough review of all systems was completed by internal and external teams, and ongoing protection measures were put in place. >>RELATED: Kettering Health provides update on cyberattack; Internal health records back online 'A thorough review of all systems was conducted by external partners and our internal team, and all necessary security protocols, including network segmentation, enhanced monitoring, and updated access controls, are in place,' the spokesperson said in the statement. 'We are confident that our cybersecurity framework and employee security training are sufficient to mitigate future risks. We have strong confidence that our network-connected devices are secure, and our connections to our partners are fully protected.' >>RELATED: Kettering Health works to return to normal amid payroll, MyChart issues from cyberattack Kettering Health also formally acknowledged the hacker and ransomware group Interlock as being responsible for the attack. The hacker group had previously not claimed responsibility before this week, despite reports from CNN that they were responsible. TRENDING STORIES: Bodies of 3 sisters found after visit with their father; New photos released as manhunt continues 'Massive drug operation take down' yields drugs, guns, nearly half a million in cash Hooters abruptly closes 30 locations Cybersecurity expert Luke Connolly told News Center 7 Thursday Interlock has both claimed responsibility for the cyberattack and has posted nearly 1,000 gigabytes for download on the dark web. The update provided by Kettering Health did not address News Center 7 questions seeking information on services and protections that might be offered to patients and employees now that sensitive information has been released. This is a developing story and we will continue to update this page with new details. [SIGN UP: WHIO-TV Daily Headlines Newsletter]
Yahoo
4 days ago
- Health
- Yahoo
Ransomware gang claims responsibility for Kettering Health hack
A ransomware gang claimed responsibility for the hack on Kettering Health, a network of hospitals, clinics, and medical centers in Ohio. The healthcare system is still recovering two weeks after the ransomware attack forced it to shut down all its computer systems. Interlock, a relatively new ransomware group that has targeted healthcare organizations in the U.S. since September 2024, published a post on its official dark web site, claiming to have stolen more than 940 gigabytes of data from Kettering Health. CNN first reported on May 20 that Interlock was behind the breach on Kettering Health. At the time, however, Interlock had not publicly taken credit. Usually, that can mean the cybercriminals are attempting to extort a ransom from their victims, threatening to release stolen data. The fact that Interlock has now come forward could indicate that the negotiations have gone nowhere. Do you have more information about Kettering Health's ransomware incident? Or other ransomware attacks? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. Kettering Health's senior vice president of emergency operations, John Weimer, previously told local media that the healthcare company had not paid the hackers a ransom. TK, a spokesperson for Kettering Health, did not provide comment when reached by TechCrunch on Wednesday. Interlock did not respond to a request for comment sent to an email address listed on its dark web site. A brief review of some of the files Interlock published on its dark web site appears to show the hackers were able to steal an array of data from Kettering Health's internal network, including private health information, such as patient names, patient numbers, and clinical summaries written by doctors, which include categories such as mental status, medications, health concerns, and other categories of patient data. Other stolen data includes employee data and the contents of shared drives. One of the folders contains documents, such as background files, polygraphs, and other private identifying information of police officers with Kettering Health Police Department. On Monday, Kettering Health published an update on the cyberattack, saying the company was able to restore 'core components' of its electronic health record system, which is provided by Epic, a healthcare software company. The company said this was 'a major milestone in our broader restoration efforts and a vital step toward returning to normal operations' that allows it to 'to update and access electronic health records, facilitate communication across care teams, and coordinate patient care with greater speed and clarity.' Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
TechCrunch
4 days ago
- Health
- TechCrunch
Ransomware gang claims responsibility for Kettering Health hack
A ransomware gang claimed responsibility for the hack on Kettering Health, a network of hospitals, clinics, and medical centers in Ohio. The healthcare system is still recovering two weeks after the ransomware attack forced it to shut down all its computer systems. Interlock, a relatively new ransomware group that has targeted healthcare organizations in the U.S. since September 2024, published a post on its official dark web site, claiming to have stolen more than 940 gigabytes of data from Kettering Health. CNN first reported on May 20 that Interlock was behind the breach on Kettering Health. At the time, however, Interlock had not publicly taken credit. Usually, that can mean the cybercriminals are attempting to extort a ransom from their victims, threatening to release stolen data. The fact that Interlock has now come forward could indicate that the negotiations have gone nowhere. Contact Us Do you have more information about Kettering Health's ransomware incident? Or other ransomware attacks? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or Do you have more information about Kettering Health's ransomware incident? Or other ransomware attacks? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email . Kettering Health's senior vice president of emergency operations, John Weimer, previously told local media that the healthcare company had not paid the hackers a ransom. TK, a spokesperson for Kettering Health, did not provide comment when reached by TechCrunch on Wednesday. Interlock did not respond to a request for comment sent to an email address listed on its dark web site. A brief review of some of the files Interlock published on its dark web site appears to show the hackers were able to steal an array of data from Kettering Health's internal network, including: private health information, such as patient names, patient numbers, and clinical summaries written by doctors, which include categories such as mental status, medications, health concerns, and other categories of patient data. Other stolen data includes employee data and the contents of shared drives. Techcrunch event Save now through June 4 for TechCrunch Sessions: AI Save $300 on your ticket to TC Sessions: AI—and get 50% off a second. Hear from leaders at OpenAI, Anthropic, Khosla Ventures, and more during a full day of expert insights, hands-on workshops, and high-impact networking. These low-rate deals disappear when the doors open on June 5. Exhibit at TechCrunch Sessions: AI Secure your spot at TC Sessions: AI and show 1,200+ decision-makers what you've built — without the big spend. Available through May 9 or while tables last. Berkeley, CA | REGISTER NOW One of the folders contains documents, such as background files, polygraphs, and other private identifying information of police officers with Kettering Health Police Department. On Monday, Kettering Health published an update on the cyberattack, saying the company was able to restore 'core components' of its electronic health record system, which is provided by Epic, a healthcare software company. The company said this was 'a major milestone in our broader restoration efforts and a vital step toward returning to normal operations,' that allows it to 'to update and access electronic health records, facilitate communication across care teams, and coordinate patient care with greater speed and clarity.'
Yahoo
20-05-2025
- Health
- Yahoo
Ransomware attack triggers ‘system-wide' tech outage at large network of medical centers
A ransomware attack has triggered a 'system-wide technology outage' at a network of over a dozen medical centers in Ohio, causing the cancellation of elective inpatient and outpatient procedures, according to a statement from the health network and a ransom note viewed by CNN. Kettering Health, which employs more than 1,800 doctors and serves a big chunk of Ohio, said in a statement that a 'cyberattack' that hit Tuesday morning had created a 'number of challenges' at the network's 14 medical centers and had disrupted its call center. Emergency rooms and clinics are open and seeing patients, the statement said. 'Inpatient and outpatient procedures have been canceled for today,' Kettering Health said. 'Scheduled procedures at Kettering Health medical centers will be rescheduled.' The health network said it had backup procedures in place 'for these types of situations' to keep providing safe and quality care for patients. Behind the scenes, Kettering Health executives and information technology personnel are scrambling to contain the fallout from the hack. Ransomware, which locks computers so hackers can demand a fee, was deployed on Kettering's computer network, according to ransom note recovered at the scene and viewed by CNN. 'Your network was compromised, and we have secured your most vital files,' the ransom note says. The note threatens to leak data allegedly stolen from Kettering Health online unless the health network begins negotiating an extortion fee. The ransom note leads the victim to an extortion site associated with a ransomware gang known as Interlock, which first emerged last fall. Interlock has since targeted a variety of sectors, including tech and manufacturing firms and government organizations, according to Talos, Cisco's cyber-intelligence unit. A Kettering Health spokesperson declined to comment when asked for further details about the cyberattack beyond the network's statement. The FBI, the Department of Health and Human Services, and the US Cybersecurity and Infrastructure Security Agency are the main federal agencies that typically respond to major cyberattacks on American health care providers. CNN has requested comment from all three entities. The US health care sector has for years been battered by cybercriminals that see hospitals as desperate to pay them off to try to keep patient care from being disrupted. The health sector reported more than 440 ransomware attacks and data breaches to the FBI last year, the highest tally of all critical infrastructure sectors. A series of cyberattack attacks in the last 18 months on major health providers directly impacted patients across the country and underscored a sense among US lawmakers and federal officials that the cyber defenses of America's health care providers are untenable. The hack last year of Ascension, a St. Louis-based nonprofit that oversees 140 hospitals across 19 states, endangered patients' health as nurses were forced to work without electronic health records, nurses at two of those hospitals told CNN. Meanwhile, a large swathe of Americans had their personal data stolen in a February 2024 ransomware attack on a UnitedHealth Group subsidiary that disrupted pharmacies across the US.
