Kidney Dialysis Firm DaVita Confirms Ransomware Attack Compromised Data of 2.7M People
DaVita Inc., a leading kidney dialysis firm, has confirmed that it was the victim of a devastating ransomware attack that exposed the personal and health data of nearly 2.7 million individuals. The incident, which occurred between March 24 and April 12, 2025, resulted in the theft of 1510 GB of sensitive data, including patient records, insurance information, and financial data.
The Interlock ransomware gang has claimed responsibility for the cyberattack, which targeted DaVita's network and compromised sensitive data from dialysis labs. The group leaked the stolen files on their data leak site, leaving patients and healthcare professionals concerned about the potential consequences of the breach.
About DaVita Inc.
DaVita Inc. is a kidney dialysis provider that operates through a network of 2,675 outpatient centers in the United States, serving 200,800 patients, and 367 outpatient centers in 11 other countries, serving 49,400 patients. The company specializes in treating end-stage renal disease (ESRD), requiring patients to undergo dialysis three times a week unless they receive a kidney transplant.
DaVita holds a significant share of the U.S. dialysis market and is headquartered in Denver, although incorporated in Delaware. The company has a strong presence globally and is ranked 341st on the Fortune 500 list.
The Breach and Response
DaVita announced on April 18, 2025, that it was investigating and addressing a cybersecurity incident that had temporarily disrupted certain internal operations. The company stated that it had activated its incident response protocols and implemented containment measures to minimize the impact of the breach.
"On April 12, 2025, DaVita became aware of a ransomware incident affecting and encrypting certain on-premises systems," said the company in a statement. "We activated our incident response protocols and implemented containment measures, including proactively disconnecting parts of the network. External cybersecurity experts are assisting with our response, remediation, and recovery efforts, and we are in the process of rebuilding and restoring encrypted systems and bringing them back online in a secure manner."
The Impact of the Breach
The breach exposed personal and health information of nearly 2.7 million individuals, including certain demographic information such as name, address, date of birth, social security number, health insurance-related information, and other identifiers internal to DaVita. In some cases, the stolen data included tax identification numbers and images of checks written to DaVita.
The company emphasized that it is prioritizing continuity of in-patient dialysis care following the cyberattack. "While the incident has resulted in disruption to our internal operations, we continue to have contingency plans and manual processes in place where needed with a focus on continuity of patient care," said the statement.
The Leaked Data
DaVita stated that it had obtained the set of data claimed by the threat actor posted on the leak site and determined that sensitive personal information from its dialysis labs database was involved. The company pointed out that some individuals' stolen data included tax identification numbers, while in limited cases, images of checks written to DaVita were also among the leaked files.