Kettering Health’s healthcare ransomware attack on May 20, 2025 resulted in system-wide technology outages, elective procedure cancellations, and an influx of scam calls. The sophisticated attack forced the health system to operate without electronic health records (EHR) for 13 days, likely costing millions in hospital downtime costs.
The healthcare system confirmed that the attack occurred due to unauthorized network access later attributed to emerging ransomware group Interlock, a relatively new threat that has been targeting primarily healthcare institutions since at least September 2024.
Downtime Brings Widespread Operational Impact
The attack disrupted services across the health system’s 14 medical centers and more than 120 outpatient facilities, affecting thousands of patients throughout western Ohio. Elective inpatient and outpatient procedures at Kettering Health facilities were canceled, and the call center experienced an outage on the first day of the incident.
CEO Mike Gentry acknowledged the severity of the situation in a statement released four days after the attack began. “While planned maintenance and updates are routine and occur on an ongoing basis, fortunately an event of this type has been rare for Kettering Health,” Gentry said, noting that these events often range from 10 to 20 days in duration.
Despite the technology outage, Kettering Health maintained essential services throughout the crisis. Emergency rooms and clinics remained open and continued to see patients using alternative procedures and manual processes.
The health system restored core components of its EHR system on June 2 and eradicated all of Interlock’s tools by June 6. However, Interlock claims to have stolen 941 GB of data from Kettering Health, including 732,490 files containing patient records, employee information, financial data, and other sensitive information. The ransomware group has since published the stolen data on its dark web leak site, indicating Kettering Health did not pay the ransom.
Additionally, many patients received scam calls soliciting payment information for medical expenses, demonstrating how cyber incidents create multiple security threats beyond the primary attack.
The Cost of Healthcare Ransomware Attacks
The Kettering Health incident underscores the enormous financial and operational stakes involved in healthcare system outages. Healthcare EHR downtime can cost hospitals between $7,000 and $25,000 per minute, depending on the size and complexity of the organization. This means Kettering Health’s 13-day EHR disruption could have caused hundreds of millions of dollars in lost revenue, although the health system has not released a figure.
According to recent industry analysis, healthcare organizations that admit to paying ransoms average $4.4 million per incident, while ransomware attacks cost healthcare organizations $900,000 per day in downtime alone. These figures don’t account for additional costs like incident response, system restoration, regulatory compliance, and potential legal liability.
Ultimately, the cost of proactive security investments and downtime solutions remains minimal compared to the financial and reputational damage that follows successful attacks.
Why Hospitals Need Specialized Downtime Solutions
The Kettering Health incident shows why manual backup procedures aren’t sufficient. Modern healthcare downtime solutions enable healthcare organizations to continue electronic workflows even when offline, maintaining patient safety while making the path to recovery much easier.
Since its emergence in September 2024, Interlock has claimed 14 victims on their dark web data leak site, with healthcare organizations representing nearly 30% of cases. As a result, organizations like dbtech, which has nearly 40 years of healthcare experience, are seeing higher demand for resilient downtime solutions that maintain access to patient data during outages.
Organizations that act decisively now can avoid the operational disruptions and patient safety risks that inevitably follow major cyber incidents.
dbtech’s comprehensive solutions serve over 300 healthcare facilities, providing encrypted data storage, automated audit trails, and rapid recovery capabilities that regulators expect during investigations. Effective downtime solutions address multiple operational needs:
- Electronic workflow continuity with EHR integration and downtime encounter numbers
- Rapid recovery that eliminates manual data re-entry
- Isolated workstations protected from ransomware attacks
Ready to Prevent Costly Downtime?
dbtech offers complimentary downtime audit assessments to identify vulnerabilities and implementation options. Contact dbtech today to see how comprehensive downtime solutions protect against operational disasters.