A wave of legal action is now targeting Kettering Health following a devastating ransomware attack in May 2025. Forty-four lawsuits have been consolidated into a single complaint in Montgomery County Common Pleas Court in Ohio. Patients allege that the cyberattack directly caused delayed treatment, denied care, and serious physical harm — raising urgent questions about hospital cybersecurity preparedness nationwide.
Overview of the Kettering Health Cyberattack
Kettering Health, a 14-hospital nonprofit system based in western Ohio, suffered a major ransomware attack on May 20, 2025. The Interlock ransomware group is responsible for the breach. Interlock has targeted numerous U.S. healthcare organizations over the past year.
Who Is Interlock?
Interlock is a cybercriminal group known for attacking healthcare and biotechnology organizations. Cyber threat intelligence firm PRODAFT identified the group — sometimes called Nefarious Mantis — as likely behind the Kettering breach. The group posted stolen data from Kettering for sale on the dark web. Their listing claimed roughly 950 GB of data, comprising 732,490 files and 20,251 folders.
How the Ransomware Attack Disrupted Patient Care
The scale of the outage at Kettering Health was staggering. The attack forced the system to shut down all 600 of its digital applications. Staff members were left using paper records, cellphones, and walkie-talkies to manage patient care across the health network.
A System Left Unprepared
Attorneys representing the plaintiffs argue that Kettering Health had no adequate contingency plan in place. “They had no contingency plan and they just stopped seeing patients,” said attorney Michael Wright of Wright & Schulte LLC. The law firm contends that the breakdown was entirely preventable, and that Kettering failed to maintain guardrails to protect continuous patient care during a network emergency.
The attack also caused some patients to be diverted to other hospitals entirely, further disrupting continuity of care.
What Patients Experienced During the Outage
Many patients paid a severe price for the system’s failure. Appointments were rescheduled for months later — or not at all. Prescription access was cut off. Cancer patients missed scheduled chemotherapy sessions. Moreover, patients were unable to transfer their medical records to other facilities, trapping them in limbo during critical stages of treatment.
Real Stories Behind the Lawsuits
One patient mentioned by attorneys was a man with aggressive cancer whose chemotherapy was abruptly canceled. He could not access his records to seek treatment elsewhere. “That time that it took for them to re-diagnose him, get a new treatment plan, that was all while his cancer was seriously quickly progressing through his body,” said attorney Wright.
Another patient, Doris Roberts, who has stage-four pancreatic cancer, had her first chemotherapy appointment delayed by two weeks because of the breach. She later joined the lawsuit. Additionally, patients feared their stolen information could be weaponized in targeted scams. “My primary concern is that they can use pieces of information on the dark web to create a scam that seems so real and accurate,” said patient Kerry Corthell.
The Lawsuits: Claims, Damages, and Legal Action
Of the 44 complaints originally filed in Montgomery County, 37 allege delayed treatment. Eight claims allege outright denial of care. One plaintiff alleges both. The cases have since grown significantly. By early March 2026, Wright & Schulte had filed more than 200 lawsuits representing approximately 700 patients against the health system.
What Plaintiffs Are Seeking
Plaintiffs are seeking compensatory damages exceeding $25,000 per case, along with punitive damages and attorney fees. Furthermore, attorneys say their office has heard from more than 500 patients suing over stolen personal information. “We want Kettering to put systems in place so this doesn’t happen again. And we want to make sure that those who have been injured be taken care of,” said attorney Wright.
Complicating the litigation, attorneys also allege that Kettering Health has attempted to shift blame onto individual physicians rather than taking institutional responsibility. Consequently, Wright & Schulte say they may need to sue individual doctors as well.
Stolen Data and Dark Web Exposure
Beyond the disruption to care, the attack resulted in a massive data theft. Cybersecurity firm Comparitech discovered the stolen data posted online. The trove included driver’s licenses, payment data, and detailed medical histories belonging to hundreds of thousands of patients.
What Data Was Stolen
Kettering Health confirmed that the following types of information may have been accessed: names, Social Security numbers, financial account numbers, driver’s license numbers, medical and treatment records, health insurance details, billing and claims data, passport numbers, and usernames with associated passwords.
As of early 2026, Kettering confirmed it had notified affected patients. However, it has not disclosed whether it paid a ransom to the attackers.
Kettering Health’s Response to the Crisis
Kettering Health has declined to comment on pending litigation. In its earlier public statement, the health system acknowledged the cyberattack and confirmed it was working to contain and mitigate the incident. The system said it cooperated with law enforcement and cybersecurity experts throughout the investigation.
Slow Recovery and Patient Notification
Kettering confirmed that its electronic health records system eventually came back online. The system also began actively contacting patients to reschedule care. However, attorneys argue the notification process was too slow and lacked transparency. “They have a duty to communicate the nature of the breach, the type of data that was breached, and what happened to it. They haven’t done that,” said attorney Richard Schulte.
What This Means for Healthcare Cybersecurity
The Kettering Health case highlights a growing and dangerous trend. Ransomware attacks on hospitals are no longer just an IT problem — they are a patient safety crisis. When digital systems fail without backup plans, patients with cancer, heart disease, and other urgent conditions bear the heaviest burden.
Accountability Must Drive Change
Healthcare organizations must invest in cybersecurity infrastructure and maintain robust contingency plans for care delivery during outages. The Kettering case may ultimately set legal precedents for how courts hold hospitals accountable when cyberattacks result in direct patient harm.
Regulators, insurers, and hospital administrators nationwide are watching this case closely. The lawsuits may reshape how healthcare cybersecurity compliance is enforced — and how victims are compensated — for years to come.
Pingback: Epic Sued Over MyChart Patient Records Access Issues / March 11, 2026
/