Data leak at DaVita exposes personal information of 2.4 million patients

In early 2025, DaVita, a prominent healthcare giant, fell victim to a ransomware attack by the Interlock group. The attack occurred between March 24 and April 12, 2025, and targeted DaVita's lab database, resulting in the theft of personal and medical information.

The FBI and federal cybersecurity agencies have issued a joint warning about Interlock, stating that they are financially motivated and target essential services. The Interlock ransomware group has claimed responsibility for the attack on DaVita, and while there is no explicit public confirmation that the FBI or other official authorities have formally linked the attack to Interlock, the gang itself claimed responsibility and leaked stolen data.

The compromised data includes treatment records, dialysis test results, Social Security numbers, health insurance data, and images of checks. DaVita emphasized that patient care was not disrupted despite parts of its network being encrypted. The company's cybersecurity team, along with external specialists, acted quickly to contain the incident and notify both regulators and patients.

Initially, it was estimated that 2.7 million individuals were affected. However, the number has since been revised, with nearly 2.4 million individuals who received dialysis services from DaVita being affected.

Past Interlock attacks have had severe consequences, including the disruption of chemotherapy and surgery appointments. To help protect individuals affected by this breach, specialized software like Bitdefender Digital Identity Protection can be beneficial. This software helps monitor the extent of your online data, quickly patches holes in your digital footprint with one-click action items, continuously scours both the public and Dark Web for your data, and notifies you instantly if you have been exposed by a breach.

DaVita issued a security advisory stating that they were able to remove the unauthorized party from their systems on April 12, 2025. The company also reported the incident to federal regulators and U.S. authorities. It's crucial for all individuals to stay vigilant and proactive in protecting their personal and sensitive information in the face of such cyber threats.