Ransomware victim disclosure
← All victimsKettering Health
Claimed by Interlock · listed 1 year ago
Status timeline
- ListedJun 4, 2025
- Data leakeddate unknown
At a glance
- Group
- Interlock
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Jun 4, 2025
- Records
- 14.000 employees
About the victim
AI dossier — public-source company profileKettering Health is a faith-based healthcare organization headquartered in Kettering, Ohio, serving the Greater Dayton region and surrounding communities. It operates nine hospitals, 12 freestanding acute care facilities, 188 clinics, and Kettering College, with over 1,900 physicians and 14,000 employees.
- Industry
- Healthcare Systems & Hospitals
- Address
- Kettering, Ohio, United States
- Employees
- 14000
Attack summary
Severity: critical — Confirmed data publication by ransomware group targeting a major healthcare system with 14,000+ employees and 188+ clinics. Healthcare organizations handle regulated PII and protected health information (PHI) at scale, making this a critical breach regardless of specific data types disclosed.Interlock claims to have conducted a ransomware attack on Kettering Health. The group has published data; however, the leak post excerpt does not specify the type of data exfiltrated or encryption details.
Data the group says was taken
AI dossier — extracted from the leak post- Patient records
- Medical information
- Personal identifiable information (PII)
What the group claims
Kettering Health - is an organization headquartered in Kettering, Ohio, that operates hospitals, freestanding acute care facilities, clinics, and Kettering College. Kettering Health serves residents of Greater Dayton and surrounding communities. It includes nine hospitals, 12 freestanding acute care facilities, 188 clinics, more than 1,900 physicians, and more than 14,000 employees.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

