ON 20 May 2025, CNN reported that a ransomware attack caused a system-wide technology outage at Kettering Adventist Health in Ohio. Disclosures by Kettering Health said the attack was carried out by the ransomware gang InterLock, which threatened to destroy and publish data if demands were not met, with initial access reportedly gained on 9 April 2025. InterLock listed Kettering Health on its dark web leak site in June 2025, claiming they had obtained about 950 GB of data across 732,490 files and 20,251 folders.
The information involved could include former and current individuals’ names, Social Security numbers, and potentially a range of financial, medical, and identification data. Kettering Adventist Health noted the ransomware disrupted services for more than two weeks, affecting access to records and appointment scheduling. As of July 2025, the health system had reported the incident to HHS using a placeholder “501” number, which had not yet been updated.