Skip to content
medical-conditions β€” Science β€” cybersecurity β€” Technology β€” general-news β€” Crime-and-justice

Information Breach: Confidential Data Pilfered in Cyberattack Targeting Kidney Dialysis Service Provider DaVita

Attackers apparently stole sensitive personal and clinical data, such as lab test results, during a reported ransomware attack.

 and  Administrator
2 min read
Unauthorized Access Obtained, Private Patient Data of DaVita Kidney Dialysis Company Compromised in...
Unauthorized Access Obtained, Private Patient Data of DaVita Kidney Dialysis Company Compromised in Cyber Incident

Information Breach: Confidential Data Pilfered in Cyberattack Targeting Kidney Dialysis Service Provider DaVita

In a significant development, US-based kidney dialysis provider DaVita has confirmed a data breach affecting over 900,000 customers. The incident, which occurred from March 24, 2025, to April 12, is reportedly ransomware-related, although DaVita has not yet provided any details on the perpetrator.

The U.S. Department of Health and Human Services (HHS) reported the ransomware attack on DaVita on August 5, 2025. The financial results of the second quarter 2025, published on the same day, reveal the cost of the incident. DaVita disclosed that it cost approximately $13.5m to remediate and restore systems with the help of third-party cybersecurity professionals.

The Interlock ransomware group claimed responsibility for the attack and alleged to have stolen 1.5 TB of data from DaVita. However, DaVita has not confirmed this claim. Comparitech, a cybersecurity research firm, reported a huge surge in ransomware incidents impacting healthcare in 2024. Yet, in the first half of 2025, they reported a slower rate of ransomware attacks on the healthcare industry compared to other sectors.

The stolen data includes personally identifiable information, clinical information, and in some cases, tax identification numbers and images of checks. Impacted customers have been advised to be vigilant against identity theft and fraud. DaVita is offering free credit monitoring services to the affected customers.

The attack is not the only incident affecting the healthcare sector. In 2025, numerous high profile incidents affecting healthcare firms have taken place, one of which affected Ohio-based Kettering Health. The provider had to cancel elective inpatient and outpatient procedures across its 14 hospitals and over 120 facilities due to an unspecified incident.

Comparitech analysed the claim by the Interlock ransomware group and reported images of part of the dataset were posted to prove the claim. However, the group's claim has not been confirmed by DaVita. The impact related to business interruption on DaVita’s results has not been specified.

It is crucial for all organisations, especially those in the healthcare sector, to prioritise cybersecurity measures to protect sensitive data and minimise the risk of such incidents. The cost and impact of such breaches can be substantial, both financially and in terms of customer trust.

Read also:

Related

Latest