DaVita ransomware attack impacts 2.7M individuals

Dialysis provider DaVita confirmed that 2.7 million individuals were impacted by a data breach stemming from an April 2025 ransomware attack. DaVita provides kidney dialysis services at more than 2,600 outpatient centers in the U.S. and 367 outpatient centers in 11 other countries.

As previously reported, DaVita revealed in an April 2025 Securities and Exchange Commission 8-K filing that it was responding to a ransomware attack that had encrypted certain elements of the company's network.

DaVita noted in the filing that patient care would continue as the company worked to implement containment measures and isolate impacted systems.

Interlock ransomware actors later claimed responsibility for the attack. Interlock also claimed responsibility for a May 2025 cyberattack that caused a system-wide technology outage at Ohio-based Kettering Health.

According to DaVita's official breach notice, the incident began on March 24, 2025, and continued until experts were able to block the cyberthreat actors from DaVita's servers on April 12, 2025. Later that month, the cyberthreat actors posted data on its leak site that it claimed to have stolen from DaVita.

DaVita conducted an investigation and determined that sensitive data from its dialysis labs database was involved in the incident. The impacted patient information included names, addresses, Social Security numbers, health insurance information, dates of birth, health condition and certain dialysis lab test results. For some impacted individuals, pictures of checks written to DaVita and tax identification numbers were involved.

DaVita said it would notify the impacted individuals via mail and offer credit monitoring and identity theft protection to those affected.

"As the sophistication of cyber incidents increases, we remain vigilant, continue to work with authorities and external experts, and enhance both education of our workforce and data security protocols to adapt to this increased sophistication," DaVita stated.

At 2.7 million records breached, the DaVita ransomware attack constitutes one of the largest breaches reported to HHS this year.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.