Cincinnati’s Largest Cyberattacks and What Caused Them

By on Sep 2, 2025 in Cybersecurity, Cybersecurity Training, Phishing, Ransomware

Cincinnati has a vibrant business ecosystem—home to major healthcare providers, educational institutions, multinational corporations, and a growing number of mid-sized enterprises.

But along with this growth, the city has also found itself in the crosshairs of a rising wave of cyberattacks. In fact, the FBI’s Cincinnati field office has issued increasingly urgent warnings about escalating threats targeting regional organizations.

The numbers tell a sobering story: in 2024 alone, Ohioans reported more than $278 million in losses due to cybercrime, according to the FBI’s Internet Crime Complaint Center (IC3).

[Image: cybercrime statistics for Ohio]

These incidents haven’t just targeted obscure systems or background infrastructure; they’ve directly impacted some of the region’s most vital institutions.

So, what exactly happened in these breaches, and how did attackers gain access? Let’s look at some of the notable cybersecurity incidents to have struck Cincinnati and see if we can learn from some of the mistakes companies have made.

The Kettering Health Ransomware Crisis (May 2025)

On May 20, 2025, Kettering Health, Ohio’s largest healthcare network, experienced a devastating ransomware attack that forced the cancellation of scheduled procedures across 14 medical centers and over 120 outpatient facilities.

The Interlock ransomware group claimed responsibility for the attack, which disrupted operations for several weeks and potentially exposed sensitive data for hundreds of thousands of patients.

Hackers know exactly what’s at stake. Unlike other industries that can afford to pause operations during cyber incidents, hospitals have no such luxury. Many are forced to revert to manual, pen-and-paper methods just to keep life-saving services running while simultaneously working to contain security breaches. Although emergency departments stayed operational during the attacks, the disruption to scheduled procedures affected thousands of patients and caused cascading delays across the entire healthcare system.

The Kettering Health ransomware attack likely began with compromised access through phishing emails or exposed remote desktop ports, common tactics used by the Interlock ransomware group. Once inside, the attackers moved laterally across systems, escalated privileges, exfiltrated over 940 GB of sensitive data, and encrypted critical infrastructure to maximize disruption. This dual approach, encryption combined with data theft, represents the evolution of ransomware attacks into sophisticated extortion operations that create multiple pressure points for victim organizations.

Procter & Gamble and the Global GoAnywhere Compromise (March 2023)

Cincinnati-based global consumer goods giant Procter & Gamble became an unintended victim in one of 2023’s most widespread cyberattacks when the CL0P ransomware group exploited a zero-day vulnerability in Fortra’s GoAnywhere Managed File Transfer software.

This attack was particularly novel and dangerous because it exploited the GoAnywhere vulnerability (CVE-2023-0669), targeting software built specifically for secure file transfers between organizations. By compromising this type of infrastructure, cybercriminals gained access to some of the most sensitive business data across multiple companies at once, a single point of failure with far-reaching consequences.

Image Courtesy of Corvus Insurance

This breach was rooted in third-party risk. A vulnerability in a widely used vendor platform became a gateway, reminding businesses that even trusted software can introduce unseen threats if not continuously monitored and patched.

It impacted more than 130 organizations around the world, showing just how risky a single flaw in widely used enterprise software can be. And the financial fallout went far beyond ransom demands. Large insurance providers, including Aetna and Anthem, agreed to a $20 million settlement to address the consequences of the breach on their systems and customers. But even that amount only scratches the surface. Once you factor in business disruptions, the cost of investigations, legal fees, and damage to long-term reputation, the real financial toll becomes much higher.

Cincinnati Public Schools and State Technical and Community College (November 2022)

Even educational institutions in Cincinnati haven’t escaped cyber threats. In September 2024, Cincinnati Public Schools, the largest district in the area, confirmed a mid-August ransomware attack in which attackers gained unauthorized access to its network drives. While no financial theft occurred, the breach likely stemmed from phishing-enabled credential compromise and exposed shared storage areas where sensitive student and staff data resided.

A similar breach struck Cincinnati State Technical and Community College in November 2022, when the Vice Society ransomware group claimed responsibility. They not only encrypted critical data but also leaked years’ worth of personally identifiable information (PII) on leak sites, suggesting possible long-term access before detection.

In both cases, attackers leveraged common vulnerabilities (phishing, credential misuse, and minimal network segmentation) to escalate privileges and move laterally across environments. These weren’t very sophisticated attacks, but they were effective and disruptive.

These attacks often stem from phishing emails sent to faculty or staff, where a single click can lead to credential theft or malware installation. Educational institutions, especially those with decentralized systems and limited IT security budgets, are often caught off guard.

Greater Cincinnati Behavioral Health Services (December 2023)

Later in 2023, Greater Cincinnati Behavioral Health Services, a key provider of mental health and addiction services in the region, reported a data breach involving unauthorized access to sensitive patient information. The data exposed included names, birthdates, Social Security numbers, and treatment-related details.

This was a quiet, targeted intrusion, likely carried out through stolen VPN credentials or weak endpoint protections. Once inside, attackers exfiltrated data without triggering alarms.

These kinds of breaches are particularly damaging because they don’t just disrupt operations; they erode trust. To prevent them, healthcare organizations need more than HIPAA compliance. They need zero-trust access policies, real-time data loss detection, and tight monitoring of credential use across critical systems.

Cincinnati Real Estate Disruption (August 2023)

In August 2023, real estate agents in Cincinnati were caught off guard when listings became inaccessible, transaction tools failed, and communications were disrupted during peak deal-making hours. But they weren’t alone: a ransomware attack on Rapattoni Corporation, a vendor for Multiple Listing Services (MLS), triggered a nationwide outage that severely impacted real estate markets, including Cincinnati.

Even two weeks after the breach, agents and brokerages were struggling to maintain operations. With MLS systems offline, listings couldn’t reach buyers through third-party sites, leaving sellers dependent on drive-by traffic and manual outreach.

The incident exposed just how vulnerable the industry is to third-party platform failures, especially in time-sensitive, transaction-heavy environments like real estate. It wasn’t just a technical disruption; it forced the entire local ecosystem to confront how quickly cyber incidents can derail even the most routine business functions.

We Help Cincinnati Businesses Conquer Their Cybersecurity Fears 

Cyberattacks often seem distant, but it’s important to keep in mind that the consequences are very real. Threat actors take every opportunity they can find to break in. No industry or organization is truly safe.

For every organization struggling with cybersecurity in Cincinnati, preparedness is no longer optional. Investing in MFA, endpoint monitoring, employee training, and incident response plans is essential. Because while not every breach is preventable, most are manageable when organizations are better equipped to deal with them. If your business could use help, reach out to our friendly, accessible team at any time!