DaVita Confirms Ransomware Breach Exposing Nearly 2.7 Million Patients

U.S. healthcare provider DaVita Inc., one of the largest dialysis service companies in the country, has confirmed that a ransomware attack led to the theft of data belonging to nearly 2.7 million people. The company disclosed the incident through a filing with the U.S. Department of Health and Human Services, which listed 2,689,826 individuals affected. This makes the breach one of the biggest healthcare data thefts reported in 2025.

The company explained that the attack began on March 24, 2025, when hackers gained access to its systems. The intruders remained inside the network for weeks before being detected and removed on April 12, 2025. During this time, the attackers managed to steal information from a database containing dialysis lab records. Parts of DaVita’s systems were also encrypted, though patient care services were not interrupted.

The investigation found that the hackers stole a wide range of sensitive details. The data taken varied by individual, but it included personal details such as names, addresses, and dates of birth. For many, the stolen files also contained Social Security numbers, health insurance information, and clinical records related to dialysis treatment. In some cases, tax identification numbers and even images of personal checks were part of the breach.

DaVita confirmed that the total number of people affected was close to 2.7 million. The figure was reported both in the official HHS breach portal and later confirmed by news agencies such as Reuters. This scale places the incident among the most serious ransomware-related breaches to hit the U.S. healthcare sector this year, adding to growing concerns over patient data security.

Although the company did not officially name the hackers, a ransomware group known as Interlock claimed responsibility in late April 2025. The gang published a statement on its dark web leak site, threatening to release stolen information after negotiations with the company reportedly failed. Eventually, Interlock followed through on its threat and released portions of the data online, which forced DaVita to examine the stolen files and confirm their authenticity.

By June 18, 2025, DaVita publicly acknowledged that information from its dialysis labs database had indeed been leaked. This confirmed the hackers’ claims and highlighted the seriousness of the breach. The company then moved forward with notifying patients and former patients whose records were involved in the incident.

Despite the attack, DaVita emphasized that patient care was not affected and its clinical operations continued without disruption. However, the financial and security impact on the company has been significant. In its quarterly earnings, DaVita reported around $13.5 million in costs related to the cyberattack, covering investigation, security improvements, and operational recovery.

The company has started contacting affected individuals by mail where addresses are available. In addition, DaVita is offering free credit monitoring services to those impacted to help reduce the risk of identity theft or fraud. It has also set up a dedicated call center to answer questions and provide assistance to patients who may be concerned about their information being misused.

Experts warn that the type of data stolen in this case especially Social Security numbers, health details, and financial information can be highly valuable to cybercriminals. Patients are advised to monitor their bank accounts, insurance activity, and credit reports closely in the coming months. Any suspicious activity should be reported immediately to limit potential damage.

This incident is another reminder of the growing threat ransomware poses to the healthcare industry. With sensitive patient data at stake and healthcare providers increasingly targeted, the DaVita attack shows how damaging such breaches can be. While the company has taken steps to respond and support those affected, the long-term risks for millions of people whose personal information is now in the hands of criminals remain a major concern.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news