The ransomware group Interlock said that it had 732,490 files on 20,418 files stolen from Kettering Health, in a post on its data leak site on the dark web, according to an image published by the cybersecurity company Comparitech and other technology news sites.
Kettering Health said it believes Interlock is the group behind the May 20 cyberattack, according to its latest update on the technology outage resulting from the attack. The hospital organization did not respond to any of the allegations concerning the stolen data.
“We have great confidence that our devices connected to the network are secure and that our connections with our partners are fully protected,” said Kettering Health.
Last week, Kettering Health CEO Michael Gentry said that a “small subset” of its data had been accessed by an unauthorized user and that the hospital organization was still working to determine what was accessed.
The stolen files include identification cards, payment data, financial documents and more, Comparitech said.
“They publish it online to sell it,” said JP Castellanos, director of threats at Binary Defense, a cybersecurity company in northeast Ohio.
In addition to trying to sell the data, the perpetrators may try to force Kettering Health to pay money.
Castellanos has also seen the post on the Interlock data leak site on the dark web, and said that the ransomware group is probably using a double extortion technique. Because Kettering Health probably did not give in to the ransom demand, the group is potentially trying to pressure Kettering Health by exposing part of what it has online.
This technique can potentially damage Kettering Health's reputation, given that this may be a violation of federal law that restricts information on patient health.
TechCrunch, another technology news site, has examined part of what was published, saying that the documents include information on patients, clinical summaries and employee data.
When the cyberattack occurred, sources told Dayton Daily News that hackers appeared to threaten to destroy data and publicly publish sensitive data on the dark web if hospital officials did not make contact and negotiate within 72 hours.
Hospital administrators confirmed on May 23 that they believed the cyberattack was a ransomware attack. They said they had had no direct contact with the attacker and had not paid a ransom.
Since May 20, patients have dealt with canceled appointments, delayed medical treatments and an inability to call their care teams or access MyChart. Some patients needing emergency medical care were diverted from Kettering Health emergency rooms for most of this outage, but this diversion ended last week.
On Monday, Kettering Health was able to access its internal health records software, Epic, although work is still in progress on MyChart, an online patient portal.
Kettering Health listed its other actions in its ongoing technology recovery in its latest update, including:
- Complete elimination of threats: The tools and persistence mechanisms used by the third-party group have been eradicated, and all affected systems have been secured, according to Kettering Health.
- Security enhancements: A review of all systems was carried out by external partners and Kettering Health's internal team. They found that the necessary security protocols, including network segmentation, enhanced monitoring and updated access controls, are in place.
- Vulnerability assessment and remediation: External partners and Kettering Health's internal team have examined its systems. All updates and fixes are in place.
Kettering Health patients with urgent health issues can call 937-600-6879 between 8 a.m. and 5 p.m. Monday to Friday.
After hours, Kettering Health Medical Group patients can call MatchMD at 1-866-257-5363.
For medical emergencies, patients are asked to go to the nearest emergency room.
Kettering Health has 14 medical centers in the region and more than 120 outpatient locations in western Ohio, as well as the Kettering doctors network, which includes more than 700 board-certified providers.