Sources tell the Dayton Daily News the hospital system is dealing with a ransomware attack. Hackers appear to be threatening to destroy data and publicly publish sensitive data on the dark web if hospital officials don’t reach out and negotiate within 72 hours, according to information shared with the Dayton Daily News by an anonymous source.
The dark web is typically described as a hidden part of the internet that is not indexed by regular search engines and only accessible through special browsers.
“We are currently experiencing a cybersecurity incident resulting from unauthorized access to our network,” Kettering Health said. “We have taken steps to contain and mitigate this activity and are actively investigating and monitoring the situation. We will continue to provide updates as appropriate.”
Elective inpatient and outpatient procedures at Kettering Health facilities have been canceled for Tuesday. These procedures will be rescheduled for a later date and more information will be provided on this as updates are available, the hospital system said.
“At this time, only elective procedures are being rescheduled. Our emergency rooms and clinics are open and continuing to see patients,” Kettering Health said. Patients should expect a call from their care team.
The Kettering Health call center is also currently experiencing an outage and may be inaccessible.
“We understand that this is frustrating for our patients and concerning for those who have family members in our care. We have procedures and plans in place for these types of situations so we can continue to provide safe, high-quality care for patients currently in our facilities despite the disruption we’re experiencing,” Kettering Health said in an earlier statement.
Kettering emergency departments are diverting ambulances to other facilities, according to a Facebook post by the Greater Miami Valley EMS Council.
“Per Kettering Health: Kettering Health is experiencing a system-wide network issues at this time. Our incident command is operational and is assessing our capabilities. All EDs are on diversion and we update with any changes at the top of each hour,” the post says.
Premier Health is alerting its employees it has called a “code yellow” because of the ransomware attack at Kettering Health and is warning of a potentially significant increase in patient volumes in coming hours and days because of patients being diverted, according to information shared with the Dayton Daily News.
At the same time, Premier warns its employees, the ability of the two hospital networks to communicate on things such as imaging and medial records is disabled.
Premier Health declined to comment.
Kettering Health has not commented on what kind of cyber attack the hospital system is experiencing. The American Hospital Association in March said a ChatGPT vulnerability is being used by cyberthreat actors to attack security flaws in artificial intelligence systems, citing a March 12 report by Veriti, a cybersecurity firm.
“This could allow an attacker to steal sensitive data or impact the availability of the AI tool,” said Scott Gee, deputy national advisor for cybersecurity and risk at the American Hospital Association.
The National Institute of Standards and Technology lists the vulnerability as medium risk, but Veriti said it has been used by cyberthreat actors in more than 10,000 attack attempts worldwide with financial institutions, health care and government organizations the top targets for the attacks.
Health care organizations are particularly vulnerable and targeted by cyberattacks because they possess information of high monetary and intelligence value to cyber thieves and nation-state actors, the American Hospital Association says.
Cyber threats may go after patients’ protected health information, financial information like credit card and bank account numbers, personally identifying information such as Social Security numbers and intellectual property related to medical research and innovation, the association says.
Stolen health records may sell up to 10 times or more than stolen credit card numbers on the dark web, according to the association. The cost to remediate a breach in health care is almost three times that of other industries, averaging $408 per stolen health care record versus $148 per stolen non-health record, the association says.
