Kidney dialysis provider DaVita hit by ransomware attack disrupting operations
Learn More
DaVita Inc., a Denver-based kidney dialysis provider, is reporting a ransomware attack that has encrypted portions of its network and disrupted some operations. The company, which operates over 2,600 outpatient dialysis centers across the United States and 367 additional centers in 11 other countries, first detected the incident on April 12, 2025.
According to DaVita's report, the ransomware attack "encrypted certain elements of our network." The company has implemented containment measures and contingency plans to continue providing patient care, but it acknowledged that "the incident is impacting some of our operations." DaVita stated it "cannot estimate the duration or extent of the disruption at this time."
The attack appears to have been strategically timed for the weekend when IT teams are typically understaffed and response capabilities may be limited. This timing aligns with common ransomware tactics. DaVita has activated response protocols, isolated impacted systems, engaged third-party cybersecurity professionals and notified law enforcement.
No details are disclosed about any exposed data or number of affected individuals.
The company has deployed contingency plans to maintain patient care. They emphasized that patient care is continuing despite the disruption.
There have been no announcements from major ransomware groups claiming responsibility for the attack.
Update - as of 24th of April 2025, Interlock ransomware gang has claimed responsibility for the recent cyberattack on DaVita. According to Interlock's claims, they have exfiltrated approximately 1.5 terabytes of data from the healthcare company, comprising nearly 700,000 files. These files allegedly contain highly sensitive information including:
- patient records,
- user account details,
- insurance information,
- financial data.
The healthcare provider stated they are currently validating the cybercriminal's claims and conducting a review of the potentially compromised data. DaVita has committed to notifying relevant parties and individuals in accordance with applicable laws and regulations based on their findings.
As of 5th of August 2025, DaVita, several state attorneys general offices - including Massachusetts, Oregon, South Carolina, Texas and Washington - had posted data breach reports DaVita. In total, those five reports reflect more than one million affected patients. The largest impact so far was in Oregon, where DaVita reported affected 915,952 individuals. Exposed data includes:
- Names
- Addresses
- Dates of birth
- Social Security numbers
- Health insurance information
- Health conditions
- Dialysis lab test results
- Treatment information
- Tax identification numbers (for some individuals)
- Images of checks written to DaVita (in limited cases)
As of 21st of August, the U.S. health department's website reports that DaVita's incident impacted 2,689,826 people.
BleepingComputer has learned that DaVita's team found the actual number of individuals affected by the incident to be 2.4 million after submitting information to the OCR. Although the company has not publicly confirmed this number, the OCR is expected to update its portal in the coming days.
