Kettering Health’s investigation determined there was unauthorized access to Kettering Health’s network between April 9 and May 20, the hospital system said. Kettering Health found certain files and folders within the network were potentially viewed and/or acquired without authorization during that time frame.
Kettering Health is telling affected patients that its investigation determined that their names, Social Security numbers, and potentially one or more of the following may have been present in the systems involved and accessed during the event: financial account number, driver’s license number, medical and/or treatment information, health insurance information, billing and/or claim information, passport number, and/or username and associated password.
The May 20 cyberattack caused a systemwide technology outage at Kettering Health that lasted for more than two weeks, during which time patients were unable to access MyChart, phone lines and internet access were down, and employees made a swift return to paper charts. The hospital system briefly had to divert ambulances to other facilities at the start of the cyberattack and some treatments had to be rescheduled.
When the cyberattack happened, sources told the Dayton Daily News that hackers appeared to be threatening to destroy data and publicly publish sensitive data on the “dark web” if hospital officials didn’t reach out and negotiate within 72 hours. The dark web is typically described as a hidden part of the internet that is not indexed by regular search engines and only accessible through special browsers.
Hospital administrators on May 23 confirmed they believed the cyberattack was a ransomware attack. At that time, they said they did not have any direct contact with the perpetrator and did not pay any ransom.
A ransomware group called Interlock later claimed it stole 941 gigabytes of data — including more than 730,000 files — from Kettering Health after recently taking credit for the May 20 cyberattack against the hospital organization, according to cybersecurity experts.
By mid-June, Kettering Health announced it had returned to normal operations.
In the data breach notice letters sent to patients, Kettering Health provided free credit monitoring services for those affected, but they have 90 days after receiving the notice to sign up for those services.
The hospital system is also looking at ways to prevent similar events from happening in the future, the letter states.
“As part of our ongoing commitment to the privacy of information in our care, Kettering is reviewing policies, procedures and processes to reduce the likelihood of a similar future event,” the letter reads.
About the Author
