Phone Scammers Target Ohio Residents Following Cyberattack on Local Health System

Kettering Health is warning customers to exercise vigilance in the wake of a cyberattack as scammers are trying to capitalize on the incident.

Kettering Health, a Seventh-day Adventist non-profit organization headquartered in Kettering, Ohio, operates hospitals, stand-alone emergency departments, clinics and Kettering College.

The healthcare system employs 15,000 people and offers maternity care, cancer treatment, heart and vascular care, and brain and spine surgery. With 1,800 physicians, it operates 14 medical centers and 120 outpatient facilities.

‘Unauthorized access to our network’

On the morning of May 20, Kettering Health suffered “a system-wide technology outage” which immediately impacted its ability to access certain patient care systems.

“We have procedures and plans in place for these types of situations and will continue to provide safe, high-quality care for patients currently in our facilities,” the Tuesday notice read.

The health provider canceled elective inpatient and outpatient procedures for the day, rescheduling the procedures “for a later date,” while promising to provide more information as updates are available. Its call center was also downed because of the “outage.”

13 minutes later, Kettering issued an update – the incident was the result of a targeted attack by hackers:

We are currently experiencing a cybersecurity incident resulting from unauthorized access to our network. We have taken steps to contain and mitigate this activity and are actively investigating and monitoring the situation. We will continue to provide updates as appropriate.

Phone call scams

Later in the evening, a third update warned customers to watch out for phone scams.

“We have confirmed reports that scam calls have occurred from persons claiming to be Kettering Health team members requesting credit card payments for medical expenses,” according to the 5:18 pm notice.

“While it is customary for Kettering Health to contact patients by phone to discuss payment options for medical bills, out of an abundance of caution, we will not be making calls to ask for or receive payment over the phone until further notice,” said Kettering.

Customers are told to report any scam call to law enforcement. While the scams seem perfectly timed to capitalize on the mess caused by the attack, Kettering says it has not yet established whether these scam calls are connected to the incident.

A fourth update, issued Wednesday at 4:58 pm, informs those concerned that “teams across Kettering Health are working diligently around the clock to restore our systems in the aftermath of unauthorized access that caused a system-wide technology outage.”

According to the notice, procedures are being evaluated on a case-by-case basis based upon collaborative decision-making between care teams, with safety as the highest priority. 

For patients whose contact information is available on file, Kettering will contact them about rescheduling procedures.

To head off other potential attack avenues for scammers, Kettering stresses that it will never reach out to staff or patients via social media. Additionally, the healthcare org says it has no evidence (as of yet) that apps like MyChart or the information in them have been compromised.

Ransomware attack

Reports about the Kettering incident say it’s the result of a targeted ransomware attack by a relatively new hacking crew dubbed Interlock.

The hacking operation is known to have attacked healthcare organizations in the past, including DaVita, a kidney care and dialysis services provider with 3,000 centers across the US.

In typical ransomware fashion, the threat actors made off with precious data. According to the Dayton Daily News, the hackers have threatened to leak the stolen data within 72 hours if Kettering doesn’t pay a ransom. It’s not specified how much Interlock is asking for.

What to do if your data is caught in a breach

Anyone affected by a data breach should consider a data monitoring service. Bitdefender Digital Identity Protection lets you know if your data has been compromised or leaked online, what risks you face, and how to protect yourself.

Personal and financial information stolen in breaches fuels socially engineered scams and fraud. When in doubt about a suspicious text, phone call, or social media interaction that cites your personal data, use Scamio, our free, scam-fighting AI bot.

Consider using a security solution on all your personal devices for peace of mind.

You may also want to read:

Cyberattack on US Medical Device Maker Hampers Shipments of Life-Saving Tech

US Healthcare Giant Tells Patients to Watch Out Following Cyberattack

Phished Email at Mammography Service Exposes Records of 350,000 Customers

New Jersey Neurology Practice Fined $25,000 over Ransomware Incident