“Earlier this morning, Kettering Health experienced a system-wide technology outage that is causing challenges to many of our patient care systems across the organization,” Kettering Health said in an organizational statement. “We have procedures and plans in place for these types of situations and will continue to provide safe, high-quality care for patients currently in our facilities.”
Sources tell the Dayton Daily News the hospital system is dealing with a ransomware attack. Hackers appear to be threatening to destroy data and publicly publish sensitive data on the dark web if hospital officials don’t reach out and negotiate within 72 hours, according to information shared with the Dayton Daily News by an anonymous source.
The dark web is typically described as a hidden part of the internet that is not indexed by regular search engines and only accessible through special browsers.
“We are currently experiencing a cybersecurity incident resulting from unauthorized access to our network,” Kettering Health said. “We have taken steps to contain and mitigate this activity and are actively investigating and monitoring the situation. We will continue to provide updates as appropriate.”
Elective inpatient and outpatient procedures at Kettering Health facilities have been canceled for Tuesday. These procedures will be rescheduled for a later date and more information will be provided on this as updates are available, the hospital system said.
“At this time, only elective procedures are being rescheduled. Our emergency rooms and clinics are open and continuing to see patients,” Kettering Health said. Patients should expect a call from their care team.
The Kettering Health call center is also currently experiencing an outage and may be inaccessible.
“We understand that this is frustrating for our patients and concerning for those who have family members in our care. We have procedures and plans in place for these types of situations so we can continue to provide safe, high-quality care for patients currently in our facilities despite the disruption we’re experiencing,” Kettering Health said in an earlier statement.
Others impacted
Kettering emergency departments are diverting ambulances to other facilities, according to a Facebook post by the Greater Miami Valley EMS Council.
“Per Kettering Health: Kettering Health is experiencing a system-wide network issues at this time. Our incident command is operational and is assessing our capabilities. All EDs are on diversion and we update with any changes at the top of each hour,” the post says.
Premier Health is alerting its employees it has called a “code yellow” because of the ransomware attack at Kettering Health and is warning of a potentially significant increase in patient volumes in coming hours and days because of patients being diverted, according to information shared with the Dayton Daily News.
At the same time, Premier warns its employees, the ability of the two hospital networks to communicate on things such as imaging and medial records is disabled.
Premier Health declined to comment.
The Greater Dayton Area Hospital Association is aware of the recent technology incident affecting one of the regional health systems, it said.
“While the incident is deeply concerning, it is also a powerful reminder of the critical importance of collaboration, preparedness and resilience in health care,” the association said in a statement.
Area hospitals train continuously for events like this, GDAHA said, integrating technology security into their emergency preparedness planning and protocols just as they do for natural disasters or mass casualty incidents.
“Through coordinated drills, downtime documentation and procedures and real-time communication channels, our health care providers are equipped to maintain continuity of care—even in the face of digital disruptions," the association said.
Health care organizations at risk
Kettering Health has not commented on what kind of cyber attack the hospital system is experiencing. The American Hospital Association in March said a ChatGPT vulnerability is being used by cyberthreat actors to attack security flaws in artificial intelligence systems, citing a March 12 report by Veriti, a cybersecurity firm.
“This could allow an attacker to steal sensitive data or impact the availability of the AI tool,” said Scott Gee, deputy national advisor for cybersecurity and risk at the American Hospital Association.
The National Institute of Standards and Technology lists the vulnerability as medium risk, but Veriti said it has been used by cyberthreat actors in more than 10,000 attack attempts worldwide with financial institutions, health care and government organizations the top targets for the attacks.
Health care organizations are particularly vulnerable and targeted by cyberattacks because they possess information of high monetary and intelligence value to cyber thieves and nation-state actors, the American Hospital Association says.
Stolen health records may sell up to 10 times or more than stolen credit card numbers on the dark web, according to the association.
