Security Leaders Share Thoughts on Kettering Outage

On May 19th, Kettering Health experienced unscheduled downtime for most of its IT applications. Security leaders share their thoughts on the recent cyberattack.
Rebecca Moody, Head of Data Research at Comparitech:
"This attack has been linked to the ransomware gang Interlock. Since it first emerged back in October 2024, we've tracked 16 confirmed attacks via this group, while a further 17 remain unconfirmed by the victims involved. Today, Interlock also came forward to claim a large-scale attack on West Lothian Council, UK, which has been disrupting its school network for over a week. Four of Interlock's confirmed attacks are on healthcare organizations in the US. It was also confirmed as the gang involved in the attack on kidney dialysis company, DaVita, in April 2025, and the 2024 attacks on Brockton Neighborhood Health Center (which led to 97,488 people having their data breached) and Drug and Alcohol Treatment Service, Inc. (which impacted 22,215 people). Interlock was also behind the huge data breach on Texas Tech University Health Sciences Center, which involved nearly 1.5 million records."
Erich Kron, Security Awareness Advocate at KnowBe4:
"Sadly, the organizations that are charged with ensuring our health and safety are often the biggest targets of ransomware actors due to the sensitive information they collect and the time-sensitive nature of their mission. This sensitivity to time gives the cybercriminals significant leverage when attempting to collect a ransom from organizations that have been left in a severely limited condition, or in some cases unable to provide services at all."
Patrick Tiquet, Vice President, Security & Architecture at Keeper Security:
"Healthcare organizations like Kettering store a wealth of data – personal, medical and financial – making them lucrative targets for cybercriminals. Healthcare organizations often operate under intense time pressure and limited resources, prioritizing patient care over cybersecurity investments. The combination of high-value data, operational urgency and budget constraints creates an ideal attack surface for threat actors, making cybersecurity a non-negotiable imperative for any healthcare organization. Healthcare providers also stand to experience some of the worst consequences of cyberattacks and data breaches. Not only do they manage immense amounts of sensitive personal and health information about staff, members and patients, but when systems are compromised, patient care can be directly impacted."
Joshua Roback, Principal Security Solution Architect at Swimlane:
"A cyberattack on Kettering Health has once again shown the fragility of healthcare infrastructure in the face of digital threats. With Kettering Health operating 14 medical centers and managing over 120 outpatient facilities, this attack shows just how quickly outages can impact patient care. This attack, which bears all the signs of a ransomware attack, is reportedly linked to the Interlock group via a ransom note left for the nonprofit. As a result of the outage, all elective procedures were paused yesterday, and call centers were down, leaving patients to navigate care gaps. These attacks do more than just breach networks; they directly compromise care delivery and patient safety. This attack is not an outlier, but part of a growing pattern. If the Change Healthcare breach wasn’t enough to prompt action, this latest disruption should make it clear that inaction is no longer an option. The security of these systems should be non-negotiable. Cybersecurity in healthcare can’t remain a siloed IT issue. It must be embedded into the core of the patient care strategy, with resilience, not recovery, as the standard."