DaVita, a leading kidney dialysis provider, suffered a significant data breach in April 2025. Here are the main details:
Timeline & Discovery:
- The attack was discovered on April 12, 2025, when DaVita found its laboratory network servers had been breached. The attackers, identified as the “Interlock” ransomware group, were removed from systems the same day.
- Notifications to regulators and breach victims began in August 2025.
Scope & Impact:
- Over 900,000 individuals in the U.S. were affected. DaVita operates over 2,500 centers in the U.S. and globally cares for more than 280,000 patients.
- Sensitive data was stolen, including names, addresses, birth dates, Social Security numbers, phone numbers, health insurance info, diagnosis, insurance provider, treating physician names, and for some, images of checks and financial information.
- DaVita has confirmed the attackers accessed and exfiltrated extensive data, with the ransomware gang claiming over 20TB was taken and 1.5TB leaked online after ransom negotiations failed.
Attack Details:
- The Interlock ransomware group claimed responsibility, posting stolen data on its leak site.
- The compromised data included lab results, clinical information, and various identifiers—impacts varied depending on the individual record.
- DaVita offered free identity theft and credit monitoring to those affected and continues to work with law enforcement and forensic experts.
Patient Care & Operations:
- Despite the attack, DaVita reported no disruption to dialysis care for patients at their centers or for those receiving home treatment, due to the company’s contingency plans.
Legal/Regulatory:
- At least two class action lawsuits have been filed, alleging misuse of stolen data.
- The investigation into the full scope and specifics of compromised information remains active, with further notifications anticipated as details are confirmed.
Precautions for Victims:
- DaVita encourages affected individuals to monitor their credit and health insurance statements for unfamiliar activity.
- Free credit monitoring has been provided; anyone concerned about exposure can check for a breach notice or contact DaVita and review state Attorney General breach listings for their status.
This breach is one of the largest U.S. healthcare sector incidents of 2025 and underscores the continuing risks to sensitive personal and medical data from ransomware actors targeting critical care providers.
