Kettering Health makes progress in recovering from cyberattack

A cyberattack has disrupted patient care at Kettering Health, but the Ohio hospital system is making strides in resuming full operations.

Kettering Health has made strides in bouncing back from a cyberattack. The system says its emergency departments are open to all patients.

Kettering Health said in a post on its website that its emergency departments are fully open and are accepting all patients. Kettering was diverting ambulances to other facilities in the wake of an attack that was reported last week.

John Weimer, Kettering Health’s senior vice president and leader for incident command, said the full opening of the emergency departments represents a milestone in its recovery.

“Our teams have worked incredibly hard to bring imaging up, so we could end diversion in our emergency departments,” Weimer said in a message online.

• Read more: CHE cybersecurity panel: How hospitals can protect their patients, and their systems

Kettering staff have continued to develop temporary solutions to resume full operations.

Kettering is also advising patients to arrive for their appointments and scheduled surgeries, unless they are notified otherwise. Kettering postponed surgeries and procedures last week due to the attack.

On Thursday, Kettering said it was expanding walk-in availability for established patients to its outpatient clinics, including those who need specialty care. Primary care clinics have also been offering walk-in appointments for established patients.

Based in Dayton, Ohio, Kettering Health operates 14 medical centers and more than 120 outpatient clinics.

The health system had experienced problems with its call center. Kettering said patient calls have been getting through but patients should expect longer waits to connect with someone.

Kettering said last week on its website that it experienced “a cybersecurity incident resulting from unauthorized access to our network.” The incident has caused a “system-wide technology outage,” Kettering says.

This week, Weimer told WLWT-TV that it appears the breach is the result of a ransomware attack, and he said the system hasn’t made a ransom payment.

• Read more: What it’s like to negotiate with ransomware gangs

Kettering shut down all of its IT infrastructure after the breach was discovered. Weimer said the full scope of the attack and how many people may be affected remains unclear, WLWT reported.

Kettering Health CEO Mike Gentry said last week that the system “experienced an unscheduled downtime for most of its IT applications.” He said such events at healthcare organizations typically last 10 to 20 days.

The health system has set up temporary phone lines for patients with urgent clinical questions and those trying to reach pharmacies.

Kettering staff have reached out to patients to reschedule procedures and appointments. The system also said there is no evidence that MyChart or other phone apps have been compromised.

Weimer also praised the Greater Dayton Area Hospital Association, Dayton Children’s Hospital, and Premier Health for their support.

More hospitals and health organizations have suffered cyberattacks in recent years. Three out of four Americans were affected by breaches of private health information last year. In 2024, there were 592 cyberattacks involving breaches of health data, and 259 million Americans were affected, said John Riggi, national advisor for cybersecurity and risk with the American Hospital Association.

Cybersecurity experts say that ransomware attacks can have a significant “blast radius” that goes beyond their intended targets, as other hospitals take on more patients in the wake of a breach.

• Read more: What it’s like to negotiate with ransomware gangs