The class action lawsuit, filed in Montgomery County Common Pleas Court, alleges Kettering Health was fully aware of potential dangers of a data breach, failed to take the appropriate steps to protect patients’ data and did not comply with regulatory guidance and industry-standard cybersecurity practices.
Now, hundreds of patients represented by the law firm Wright & Schulte LLC have filed individual personal injury claims against Kettering Health regarding the impact the cyberattack on their individual care.
“What we’re alleging is that after the ransomware attack, the system failure and shutdown disrupted the access to care, which resulted in appointments being canceled, diagnostic tests being delayed, treatment being disrupted, prescription-related care being interrupted, and ultimately that (this) delay caused real harm for individual people who couldn’t afford to have lost that time,” attorney Robert Gresham with Wright & Schulte said.
Unlike the class action lawsuit, this lawsuits are mass torts, which are individual claims allowing for individualized damages and the potential for differing settlements. In each case, the plaintiffs are seeking a jury trial and unspecified damages.
“With no adequate plan in place to deal with a foreseeable cyberattack, Kettering Health shut down its computer/IT system and shut down much of its acute and primary care facilities, preventing patients from seeing and communicating with their health care providers, obtaining necessary care and treatment, and obtaining necessary prescription medications,” a complaint filed by Wright & Schulte on behalf of Mishelle Holder of Dayton reads.
Holder’s complaint is the main lawsuit from this series of mass torts from Wright & Schulte.
Holder’s complaint stems from a surgery she had involving a blocked artery in her left leg and the subsequent pain she dealt with following the surgery, according to the lawsuit. Holder was unable to get a refill of her pain medication through Kettering Health due to the cyberattack. She also was not able to get pain medication through a Premier Health urgent care she went to when her regular doctor’s office was unable to help Holder as Premier Health could not access Holder’s medical records.
Between the May 20 cyberattack and another surgery she had to address the pain on June 2, Holder “was in constant pain and she could only walk for five minutes at a time before she had to sit down due to the pain and discomfort,” according to the court filing.
Other lawsuits allege the cyberattack delayed cancer screenings and other medical treatment, as well as prevented access to prescription medication.
“We have about a couple hundred (cases), which have already been filed. There’s probably hundreds more that include the class action (lawsuit),” Gresham said.
Kettering Health said it does not comment on pending litigation when asked about the lawsuits.
The May 20 cyberattack caused a systemwide technology outage at Kettering Health that lasted for more than two weeks, during which time patients were unable to access MyChart, phone lines and internet access were down, and employees made a swift return to paper charts. The hospital system briefly had to divert ambulances to other facilities at the start of the cyberattack and some treatments had to be rescheduled.
When the cyberattack happened, sources told the Dayton Daily News that hackers appeared to be threatening to destroy data and publicly publish sensitive data on the “dark web” if hospital officials didn’t reach out and negotiate within 72 hours. The dark web is typically described as a hidden part of the internet that is not indexed by regular search engines and only accessible through special browsers.
Hospital administrators on May 23 confirmed they believed the cyberattack was a ransomware attack. At that time, they said they did not have any direct contact with the perpetrator and did not pay any ransom.
A ransomware group called Interlock later claimed it stole 941 gigabytes of data — including more than 730,000 files — from Kettering Health after recently taking credit for the May 20 cyberattack against the hospital organization, according to cybersecurity experts.
By mid-June, Kettering Health announced it had returned to normal operations.
Kettering Health has 14 area medical centers and more than 120 outpatient locations throughout Western Ohio, as well as the Kettering Physician Network, which includes more than 700 board-certified providers.
Kettering Health had an operating revenue of $2.7 billion and operating expenses of $2.6 billion in 2024, according to its financial statements through the Municipal Securities Rulemaking Board, resulting in operating gains of $100.2 million. Including other sources of income — such as its retail pharmacy, physician services, and Kettering College tuition — Kettering Health reported earnings of $227.8 million.
Data for the full year of 2025 was not yet available, but for the six months that ended June 30, 2025, Kettering Health reported $55.9 million in operating losses before accounting for other sources of income. Including other sources of income, the organization reported earnings of $28.6 million.
About the Author
