Kettering Health cyberattack delays surgeries, system reports ‘scam calls’
The Ohio-based system says its call center was affected and customers are getting calls from individuals claiming to work for Kettering and seeking payment.
Kettering Health is grappling with a cyberattack that is disrupting patient care and other key functions.
Kettering Health, based in Dayton, Ohio, is suffering a system-wide technology outage due to a cyberattack. Some surgeries have been postponed.
Kettering says on its website that it has experienced “a cybersecurity incident resulting from unauthorized access to our network.” The incident has caused a “system-wide technology outage,” Kettering says. CNN and the Dayton Daily News are reporting that Kettering has suffered a ransomware attack.
Kettering said Tuesday that it has postponed elective surgeries at hospitals and procedures at outpatient clinics. Kettering says it will provide more information about when those surgeries will be rescheduled. The system, based in Dayton, Ohio, operates 14 medical centers and more than 120 outpatient clinics.
While Kettering has postponed surgeries, the health system says its emergency rooms are open and receiving patients. Ambulances are being diverted, the Daily News reports. Kettering’s clinics are open.
Kettering said on its website that its call center has experienced an outage, among the disruptions.
Adding to the problems, Kettering Health says patients are getting “scam calls” from individuals claiming to be representatives of the health system. The callers are demanding payments for services. Kettering said it hasn’t confirmed that the “scam calls” are tied to the system-wide outage.
“We have confirmed reports that scam calls have occurred from persons claiming to be Kettering Health team members requesting credit card payments for medical expenses,” Kettering said on its website.
Kettering Health says employees typically call patients to get payments for bills, the health system says it’s suspending such calls for the time being. The health system encourages anyone getting such calls to report them to law enforcement.
The health system says it’s working to contain the damage and is continuing to investigate the attack.
More hospitals and health systems, along with other organizations that have health data, have suffered cyberattacks in recent years. Three out of four Americans were affected by breaches of private health information last year.
Cyberattackers are demonstrating more technical proficiency in their attacks, Steve Cagle, the CEO of Clearwater, a cybersecurity firm, told Chief Healthcare Executive® in a recent interview.
“The attacks are becoming much more sophisticated,” Cagle says.
Ransomware gangs are using artificial intelligence to craft better phishing emails, and they’re also using AI to gather intelligence on companies that they’re targeting.
“You can gather information on a company using artificial intelligence,” Cagle says. “You can write the ransomware, by the way, or write the code … if you're doing a phishing campaign, you can use AI to help support that. You could use it to write the malware.”
The Dayton Daily News reported that hackers are threatening to publish private health information and destroy data if Kettering Health doesn’t negotiate within 72 hours.
Ransomware gangs routinely target hospitals because they have private health information which can be sold on the dark web, and because hospitals will often pay to restore their systems and care for patients.
A ransomware group’s attack on UnitedHealth Group’s Change Healthcare last year proved to be the most damaging cyberattack the healthcare industry has ever seen. UnitedHealth said 190 million Americans were expected, and hospitals and medical groups around the country faced disruptions and financial losses from the attack.
Even as some ransomware groups seek big paydays, they are willing to negotiate on their demands. Andrew Carr, a ransomware negotiator for Booz Allen, told Chief Healthcare Executive® that some attackers hold firm on demands, but others will take less than they initially sought.
“Early on, there were a lot of hard-nosed threat actors,” Carr says. “But they've realized that some money is better than no money. So they often will negotiate.”
Ransomware groups are more likely to negotiate if their attacks were less successful than they expected, Carr said. He also stressed the importance of hospitals developing strong cybersecurity defenses and robust response plans in case they are attacked to minimize disruptions.
