Interlock Ransomware Gang Exposes Sensitive Data of Leading Kidney Dialysis Firm DaVita
The Interlock ransomware gang has made headlines once again, this time claiming responsibility for a devastating cyberattack on the leading kidney dialysis firm DaVita. The group allegedly stole 1510 GB of sensitive data, including patient records, insurance information, and financial details, which they have now leaked online.
DaVita Inc., with its network of 2,675 outpatient centers in the United States, serving 200,800 patients, and 367 outpatient centers in 11 other countries, serving 49,400 patients, is a cornerstone of kidney dialysis services. The company specializes in treating end-stage renal disease (ESRD), requiring patients to undergo dialysis three times a week unless they receive a kidney transplant.
DaVita holds a significant market share of the U.S. dialysis market, with 37% of the industry's share, and is headquartered in Denver, while incorporated in Delaware. The company has been ranked 341st on the Fortune 500 list, solidifying its position as a major player in the healthcare sector.
On April 18, 2025, DaVita announced that it was investigating and addressing a recent cybersecurity incident that had temporarily disrupted certain internal operations. The company stated that they are prioritizing continuity of in-patient dialysis care following a cyberattack, having activated contingency plans and manual procedures where necessary to secure the affected systems.
"On April 12, 2025, DaVita became aware of a ransomware incident affecting and encrypting certain on-premises systems. We activated our incident response protocols and implemented containment measures, including proactively disconnecting parts of the network," stated the company in a statement. "External cybersecurity experts are assisting with our response, remediation and recovery efforts, and we are in the process of rebuilding and restoring encrypted systems and bringing them back online in a secure manner."
"While the incident has resulted in disruption to our internal operations, we continue to have contingency plans and manual processes in place where needed with a focus on continuity of patient care," continued the company. "The security and integrity of our patients' information is our top priority.
The Interlock ransomware gang has now taken it upon themselves to leak DaVita's alleged stolen files on their data leak site, further exacerbating the situation. The leaked files appear to include sensitive information such as patient records, insurance details, and financial information.
As the investigation into this cyberattack continues, concerns have been raised about the potential consequences for patients who received dialysis services from DaVita. It is imperative that the company prioritizes transparency and communication with its stakeholders during this difficult time.