Kidney dialysis behemoth DaVita has confirmed that cybercriminals accessed personal and health data belonging to 2.7 million people during the April ransomware attack.
In April 2025, DaVita, which operates 3,166 outpatient dialysis centers worldwide and serves over 280,000 patients, fell victim to a ransomware attack, with crooks infiltrating the company’s laboratory servers.
“On April 12th, 2025, we discovered that we experienced a security incident resulting in unauthorized access to certain DaVita network servers, primarily at its laboratories. Upon discovery, we initiated our incident response protocols and were able to eradicate the unauthorized party from our systems on that day,” said the data breach notice.
According to DaVita, the accessed data could have included name, address, date of birth, social security number, health insurance-related information, and other identifiers internal to DaVita, as well as certain clinical information, such as health condition, other treatment information, and certain dialysis lab test results.
“For some individuals, the information included tax identification numbers and, in limited cases, images of personal checks written to DaVita,” the company added.
In a filing with the US Department of Health and Human Services, DaVita confirmed that hackers accessed data of 2,689,826 people. According to the Register, ever since the filing, DaVita has finalized the total number of impacted people, and HHS is expected to bring the value down to 2,4 million.
The Interlock ransomware gang had previously claimed responsibility for the attack.
Threat actors can make use of sensitive medical information to commit identity or insurance fraud, as well as receive fraudulent prescriptions for regulated drugs. Following the incident, DaVita offered complimentary credit monitoring and identity theft protection.
Your email address will not be published. Required fields are markedmarked