As more information become available, Kettering doesn’t yet know the final count of impacted patients.
Kettering recently provided a notice on their website regarding a ransomware attack that took place in May.
Since the attack, Kettering has provided several updates on its progress in the investigation. In their most recent statement, Kettering said they have completed their file review which confirmed that current and former patients had been involved in the attack. According to the review, impacted information includes first and last names, contact information, dates of birth, Social Security numbers, medical information, treatment information, diagnosis information, health insurance information, driver’s license/state identification numbers, financial account information, and/or education records.
Kettering reported the data breach to the Department of Health and Human Services on July 21st, 2025, stating that the incident impacted 501 individuals. They will likely update this number to reveal the total count.
Throughout experiencing and recovering from the attack, Kettering has provided some important updates. Paubox first covered the story in July, 2025, as more information about the potential ransom attack was coming to light. It has since been confirmed by CNN that the ransomware group Interlock was responsible for stealing over 730,000 patient records.
When the attack first took place on May 20th, 2025, it also caused a system-wide outage that impacted 14 of Kettering’s medical centers and its call center. As a result, Kettering made the decision to cancel numerous scheduled inpatient and outpatient procedures and appointments. Some centers and the emergency room remained open.
After three weeks, Kettering Health said they had returned to normal operations.
Kettering has remained transparent throughout this process, showing their steps throughout the investigation and recovery period. The incident also reveals how cyberattacks can directly impact patients, an issue that is causing increasing concern. Recently, a single attack on a hospital in Georgia caused a "total system shutdown" and "weeks of paper-based operations." The incident resulted in canceled appointments, delayed care, and leaked patient records. These cases show that leaked data is only one part of the problem; impacts on care can be an even larger and potentially more dangerous issue.
Breaches that impact more than 500 individuals must be reported to the HHS within 60 days. Kettering likely reported this number as a placeholder to acknowledge that the breach needed to be reported, but that they don’t yet have all of the details.
There are many factors that can complicate the process of resolving and investigating a data breach. If the breach led to a system outage, that generally requires urgent attention. After that, it may take forensic teams months to crawl through data and systems to determine how the breach occurred and who was impacted.