DaVita, a major kidney dialysis service provider in the US, has disclosed a ransomware incident that encrypted parts of the company’s resources.
DaVita became aware of the incident on April 12th, 2025, the company disclosed in a filing with the Securities and Exchange Commission.
Ransomware “has encrypted certain elements of our network,” the firm said.
DaVita is working with a third-party cybersecurity company and law enforcement. It has activated containment measures and isolated impacted systems.
“Given the recency of the incident, our investigation and response are ongoing, and the full scope, nature, and potential ultimate impact on the Company are not yet known,” the company said.
While systems have been disrupted, DaVita said it continues to provide patient care. The firm confirmed that its operations had been impacted, but it couldn't estimate the duration or extent of the disruption at the time.
No ransomware gangs tracked by the Cybernews Ransomlooker tool have claimed responsibility for the incident, and it's unclear how the threat actor gained access to the company’s systems. Hudson Rock’s data reveals that dozens of DaVita’s employees have been recently compromised with infostealer infections.
DaVita provides kidney dialysis services through a network of outpatient centers in the United States and 13 other countries.
As of December 31st, 2024, DaVita served approximately 281,100 patients at 3,166 outpatient dialysis centers, of which 2,657 centers were located in the US. The firm employs 55,000 people in the US. DaVita primarily treats end-stage renal disease (ESRD), which requires patients to undergo kidney dialysis three times per week.
Your email address will not be published. Required fields are markedmarked