On May 20, 2025, Kettering Health was impacted by a cybersecurity incident linked to a group known as Interlock. We responded immediately to secure our systems and protect patient data. Since then, we have been restoring systems and enhancing security.

Based on our investigation, we believe the incident was carried out by a ransomware group called Interlock. The matter is under investigation by cybersecurity experts and law enforcement.

Some of our systems, including phones and scheduling tools, were affected by the incident. We are restoring services in a phased and secure manner, and we understand the delays have been frustrating.

Many of our communication systems were impacted, and we’re working to return to normal operations as quickly and safely as possible. We appreciate your patience during this process.

We are actively working through a high volume of rescheduling needs. You will be contacted as soon as we are able to safely restore full scheduling capabilities. Thank you for your continued patience.

Our pricing is not determined based on isolated events. Our focus remains on delivering safe, high-quality care to our community.

No, there is no connection between this cybersecurity event and any unrelated local or international activity.

Cybersecurity incidents like this are becoming increasingly sophisticated, even targeting large and well-protected organizations. As soon as we detected unauthorized activity, we acted immediately to contain it and began strengthening our systems further.

No, your scheduled payment plan will not be delinquent as a result of the outage. When our systems went offline, payment plans were paused and will not fall behind or age. As part of our recovery efforts, we will reset payment plans so they resume correctly, without affecting your account status.

We took a careful, phased approach to ensure all systems were secure before bringing them back online. Restoring healthcare systems safely requires time and precision, especially to protect patient information.

There may be temporary delays in billing or payment processing, but your care will not be interrupted. Once systems are fully restored, you will receive updated information.

We are still conducting a thorough review of the incident. At this time, we believe only a limited portion of our data was accessed. If we determine your personal or financial information was involved, you will be notified directly.

You will receive direct communication from Kettering Health if your information was impacted. That notification will include details and instructions on any next steps to be taken.

There is currently no indication that any banking information stored in Epic or MyChart was accessed. We continue to investigate, and if that changes, we will notify affected individuals directly.

If we determine your information was impacted, your notification may include resources such as identity protection or credit monitoring, as appropriate.

If you believe you were a victim of a scam, contact your financial institution immediately to report the transaction. You should also file a report with local law enforcement. Kettering Health will never call asking for payment unless it has been pre-arranged through our secure channels.

We have reason to believe the incident was carried out by a ransomware group called Interlock. We responded immediately to secure our systems, and we continue to cooperate with law enforcement and cybersecurity experts.

We are not commenting on specific operational details of our response. Our focus was on securing our systems and restoring safe access to care for our patients.

If your information was affected, you will receive a notification from Kettering Health with relevant information.

A thorough review of all systems was conducted by external partners and our internal teams who removed all threats and secured affected systems. All necessary security protocols, including network segmentation, enhanced monitoring, and updated access controls, are in place. We are confident that our cybersecurity framework and employee security training are sufficient to mitigate future risks.

We have no evidence linking this incident to any other organizations. The investigation is ongoing, and we are working closely with law enforcement.