Powell has breast cancer, which has not yet spread to her lymph nodes. She’s currently scheduled for surgery on Friday, but she’s not sure yet if that will happen as planned since her doctors no longer have access to her medical records, including the testing she went through in preparation for this surgery.
“I need this surgery because I need to get done before it spreads,” Powell said.
Powell is not getting many answers, she said, adding that her care team likely doesn’t have the answers themselves as this technology outage continues.
As Powell waits to find out whether or not she will have the surgery, she hopes that she is still able to get her procedure done at Kettering Health.
“I absolutely love my team at Kettering (Health),” Powell said. “This is not Kettering’s fault. This is no one’s fault. This is just the world we live in.”
Working on restoring access
Hackers appear to be threatening to destroy data and publicly publish sensitive data on the dark web if hospital officials don’t reach out and negotiate within 72 hours, according to information shared with the Dayton Daily News by an anonymous source.
“Teams across Kettering Health are working diligently around the clock to restore our systems in the aftermath of unauthorized access that caused a system-wide technology outage,” Kettering Health said in an updated statement Wednesday evening.
“At this time, procedures are being evaluated on a case-by-case basis based upon collaborative decision-making between care teams, with safety as our highest priority,” Kettering Health said.
If care teams have patients’ contact information, they will contact patients by phone about rescheduling procedures, the hospital system said.
“While we recognize this process has not been seamless, and we ask for everyone’s patience while we continue to work through this issue,” Kettering Health said.
Health care organizations at risk
Kettering Health has not confirmed if the cyberattack is a ransomware incident, but this news outlet talked to an expert who speculates that this has the hallmarks of such an attack.
“If we’re dealing with ransomware, one of the reasons that the health sector is seeing an increase in these types of attacks is, when you’re engaged in extortion, you want to coerce the other side to give you money, you want them to feel as much urgency as possible,” said Richard Harknett, director of the Center for Cyber Strategy and Policy at the University of Cincinnati.
Ransomware gangs don’t want to risk getting identified if the interaction is too prolonged, he said, but there’s more at stake when it comes to people’s health care.
“The implication is that people’s lives could be at stake if you could actually get to fundamental disruption of medical systems,” Harknett said.
That puts a lot of pressure on the organization to pay up and pay quickly, he said.
Cyber extortion
Since the cyberattack at Kettering Health is known and causing an ongoing technology outage, it’s likely that any possible perpetrators are after financial gain from Kettering Health itself.
“When we have systems lock up like this, it’s to coerce, to get something out of the organization,” Harknett said. “The primary goal for most of these actors is to get money (typically paid) in Bitcoin, a type of digital currency.”
Ransomware attacks work by people infiltrating the victim’s system and locking the system with their own encryption so the victim’s computers are not able to access the information it’s supposed to be able to access, he said.
“They have a key, a code, that they can give you that will unlock the malware that they use to lock up your system,” Harknett said. “That’s what happens in the first level of extortion. They say, ‘Here you are, we’ve locked up your system, pay us this, or you don’t get your system back.”
This can be expensive for the organization to deal with, and the malware can be nearly impossible for the victim to get around on their own, he said.
‘Not your basement hooded hackers’
Online speculation has questioned whether or not the perpetrator would have any reason not to go ahead and sell stolen data on the dark web even after getting its ransom payment from the victim.
The gangs that perpetrate these crimes are sophisticated organizations, Harknett said, and they have an incentive to be seen as trustworthy thieves.
“These are not your basement hooded hackers,” Harknett said.
These organizations, in most cases, have technical teams that do the exploiting, a separate negotiating team to put pressure on the victim and then a financial team who will collect the ransom, Harknett said.
“They’re very public about it. They have reputations that they want to maintain as being the biggest and the baddest,” Harknett said.
If an organization like this were to take the ransom and then sell the data anyway, there’s less of a reason for their future victims to pay the ransom.
“They have data leak sites attributing themselves to attacks. I know, as of last night, no one had posted to known data leak sites responsibility for this. They usually wait until they conclude the attack,” Harknett said.
The idea is that they can show future victims that they will follow through on what they said they would do as proof that they will de-encrypt the victim’s computer system.
“You can trust us to be honorable thieves is the kind of reputation building that they engage in,” Harknett said.
Concerns over identity theft
There’s not much for the public to do at this point, but people who are concerned about their information getting stolen can monitor their credit cards if they are worried about identity theft.
Be wary of very small, unknown purchases that are like $2 or $3 type purchases. Those can be tests to see whether the credit card will be accepted before the perpetrator tries for a larger purchase.
“We understand our patients’ concerns for their privacy and information security. We have no evidence that personal cell phone apps, like MyChart, or the information in them have been compromised,” Kettering Health said.
Additionally, Kettering Health will never reach out to staff or patients via social media, it said.
Kettering Health will also be sharing updates about this cyberattack at ketteringhealth.org/system-wide-technology-outage.
Region adapting to challenges
Premier Health declined to comment on the impact of Kettering Health’s technology outage might be having on its operations or if patients are being referred to their hospitals.
Mercy Health saw a slight increase in patient volumes in its emergency department and a few surgical cases, but its operations are otherwise unaffected, the organization said.
Member hospitals of the Greater Dayton Area Hospital Association are continuing to work together to increase staffing and capacity at non-impacted acute care facilities to ensure the region’s health care system can meet the community’s needs, the association said Wednesday evening.
Local jurisdictions’ emergency medical services are also receiving updates pertaining to patient transport.
“GDAHA is working closely with Kettering Health and local jurisdictions to provide timely updates through the statewide EMS platform and ensure that EMS crews have access to the most up-to-date, accurate information for patient transport decisions,” the association said.
About the Author
