Mundo

Cyberattack cripples Kettering Health, delays care across Ohio

Publicado em
Kettering Health logo
Kettering Health logo - Foto Internet Kettering Health logo - Foto Internet
Siga o Mix Vale no GoogleVeja as notícias do Mundo com destaque nas buscas do GoogleAdicionar

A massive cyberattack struck Kettering Health, one of Ohio’s largest healthcare networks, on the morning of May 20, 2025. Digital systems, including electronic medical records and patient portals like MyChart, were knocked offline, causing widespread disruptions. Hospitals and clinics, serving thousands daily, faced significant interruptions, with emergency cases redirected and elective procedures canceled. The severity of the incident prompted a swift response from technology and cybersecurity teams, who are still working to restore operations.

Patients reported challenges accessing critical services, such as scheduling appointments or retrieving test results. Many received calls notifying them of postponed surgeries and consultations. The impact extended to medical staff, forced to rely on manual records, which heightened the risk of delays and errors. The situation sparked concern among local residents, who depend on Kettering Health for routine and emergency care.

The incident underscored the vulnerability of healthcare systems to cyberattacks, reigniting debates about digital security in hospitals. Kettering Health confirmed the attack compromised its technological infrastructure but provided no details on the source or nature of the breach. As investigations continue, the network keeps its emergency departments on high alert, with limited capacity for new patients.

  • Emergency disruptions: All network emergency rooms are on divert status, rerouting patients to other facilities.
  • Mass cancellations: Elective procedures have been suspended, with rescheduling planned for coming weeks.
  • Patient portal outage: MyChart, used for appointments and results, remains inaccessible.
  • Immediate response: IT and cybersecurity teams were mobilized to contain the attack and restore systems.

Community reactions

The cyberattack news triggered alarm across Ohio communities. On social media, patients expressed frustration over their inability to access MyChart or contact Kettering Health’s call center, which was also disabled. One user shared their struggle to schedule an appointment for a severe infection, only to be directed to another facility. The situation has strained nearby hospitals, which are now handling an influx of redirected patients.

Local community organizations launched efforts to guide residents toward alternative care options. Independent clinics and public health centers were recommended as temporary solutions. Dayton’s city government, where Kettering Health operates multiple facilities, pledged logistical support, including emergency phone lines to manage the crisis.

Uncertainty about the outage’s duration worries doctors and administrators. A network spokesperson stated that efforts to restore systems are ongoing, but no timeline for full recovery exists. The lack of electronic records has forced staff to use paper-based methods, slowing operations and increasing pressure on healthcare workers.

History of healthcare cyberattacks

Cyberattacks on healthcare systems are not new. Over the past decade, hospitals worldwide have faced breaches that compromised patient data and halted operations. In 2020, Universal Health Services, a major U.S. hospital chain, endured a ransomware attack that disabled computers, forcing nurses to label medications by hand. Similar incidents hit Tenet Healthcare in 2022 and Ascension in 2024, both large healthcare providers.

Kettering Health itself faced technical issues in 2024, when a global CrowdStrike outage impacted healthcare systems across multiple states. Though not a deliberate attack, that event exposed weaknesses in hospital digital infrastructure. Experts note that the reliance on interconnected systems makes healthcare an easy target for hackers.

  • Ransomware prevalence: Ransomware accounts for 60% of healthcare cyber incidents.
  • Financial toll: A single attack can cost hospitals up to $10 million in recovery and fines.
  • Sensitive data: Stolen medical records fetch up to $1,000 each on dark web markets.

Emergency measures implemented

Kettering Health activated its incident command center immediately after detecting the attack. IT teams worked to isolate compromised systems and prevent further spread. Third-party cybersecurity experts were brought in to assist with the investigation and recovery. The network is collaborating with federal authorities, including the FBI, to identify the perpetrators.

Hospitals adopted contingency protocols to maintain care. Emergency units prioritized critical cases, while less urgent patients were diverted. Manual record-keeping, though functional short-term, poses logistical challenges, such as accessing complete patient histories.

Patient communication was also disrupted. The call center, which handles appointments and inquiries, remains offline, forcing Kettering Health to rely on emails and social media updates. The network advised patients to avoid MyChart until security is restored.

Effects on medical procedures

Elective surgeries, including orthopedic and cardiac operations, were postponed across Kettering Health facilities. Patients awaiting procedures for months received calls about rescheduling. The suspensions particularly affected elderly patients and those with chronic conditions, who rely on regular interventions for quality of life.

Outpatient appointments were canceled, except for priority cases. Specialty clinics, such as oncology and cardiology, are operating at reduced capacity, serving only patients in ongoing treatment. The inability to access test results, stored digitally, has hindered new diagnoses.

  • Delayed surgeries: Thousands of procedures were postponed in the first week.
  • Outpatient care: In-person appointments dropped by 70% at some locations.
  • Emergency services: ERs are functioning at 50% normal capacity.
  • Chronic care: Cancer and heart disease patients face delays in treatments.

Government response

Ohio’s state government acted swiftly. Governor Mike DeWine announced resources to support Kettering Health and other affected institutions. The Ohio National Guard’s cybersecurity unit was deployed to assist in containment efforts. Local authorities also bolstered security at other regional hospitals, fearing additional attacks.

The FBI and U.S. Department of Homeland Security are investigating. While no evidence suggests political motives, the involvement of international criminal groups has not been ruled out. Cybersecurity experts warn that ransomware attacks, common in such cases, are often orchestrated by hackers in countries with limited judicial cooperation.

The Cybersecurity and Infrastructure Security Agency (CISA) issued a healthcare sector alert, urging system updates and multifactor authentication. CISA also offered free training to hospitals seeking to strengthen digital defenses.

Concerns over patient data

The potential for data breaches alarms patients and officials. Healthcare cyberattacks often result in stolen sensitive information, including medical histories, Social Security numbers, and payment details. Such data can fuel fraud or be sold on underground markets.

Kettering Health has not confirmed whether personal data was compromised but is conducting a full audit. Patients were advised to monitor bank accounts for suspicious activity. The network partnered with an identity protection firm to provide support to those affected.

  • Breach risks: Stolen medical data can lead to identity theft and extortion.
  • Ongoing audit: Kettering Health is reviewing systems for potential vulnerabilities.
  • Protective measures: Free credit monitoring services are available to patients.

Patient alternatives

With Kettering Health services disrupted, patients were directed to other providers. Hospitals in Cincinnati and Columbus, unaffected by the attack, expanded capacity to handle demand. Community clinics and public health centers were mobilized to offer consultations and tests.

Nonprofit organizations, like the Red Cross, are providing logistical aid, including transportation for patients traveling to other cities. Local pharmacies were instructed to prioritize medication delivery for Kettering Health clients, particularly those in ongoing treatments.

Dayton’s city government launched a website listing operational healthcare facilities. The site includes hospitals, clinics, and pharmacies, along with emergency contact information.

Preparing for future threats

Hospitals globally are investing in cyberattack prevention. Kettering Health had previously implemented firewalls and intrusion detection systems. However, the sophistication of recent attacks highlights the limitations of current defenses.

Regular staff training is standard in healthcare. At Kettering Health, employees undergo simulations to identify and respond to cyber threats. Yet, the rapid evolution of hacking techniques demands constant system updates.

  • Security investments: Hospitals spend millions yearly on protective software.
  • Continuous training: Staff learn to spot phishing emails and other risks.
  • Data backups: Offline copies enable quick data restoration.
  • External partnerships: Cybersecurity firms provide real-time crisis support.

Strain on healthcare infrastructure

The Kettering Health attack exposed the fragility of healthcare’s digital infrastructure. Interconnected systems, while efficient for data sharing, create entry points for hackers. Reliance on third-party software, like Microsoft or CrowdStrike, heightens the risk of cascading failures.

Smaller hospitals, often lacking dedicated IT teams, are particularly vulnerable. Even large networks like Kettering Health struggle to keep systems updated across all sites. The cost of modernizing technology remains a barrier for many providers.

The crisis underscored the need for stricter cybersecurity regulations in healthcare. U.S. Congressional proposals aim to set minimum standards, including mandatory offline backups and regular vulnerability testing.

Recovery efforts

Kettering Health is working around the clock to restore systems. IT engineers are rebuilding servers and verifying data integrity. The priority is reactivating MyChart and electronic records, critical for patient care. The network is also installing security updates to prevent further attacks.

Patients are receiving updates via official statements. Kettering Health established a hotline to address concerns and assist with rescheduling. Meanwhile, facilities operate with limited resources, focusing on high-priority cases.

Community mobilization

Dayton’s community rallied to support those impacted. Volunteers are distributing medical supplies and guiding patients to alternative care sites. Local schools opened facilities as temporary triage centers, easing hospital strain.

Regional businesses stepped up. A pharmacy chain offered free medications for Kettering Health patients unable to access prescriptions. Local restaurants are donating meals to healthcare workers on extended shifts.

  • Volunteer support: Hundreds signed up to assist at triage centers.
  • Business contributions: Pharmacies and restaurants provide supplies and food.
  • Temporary facilities: Schools offer gymnasiums for emergency medical use.
Tag, , , , , ,
To Top