DaVita Confirms Data Breach Impacting 2.4 Million Patients

Healthcare giant DaVita is grappling with fallout of ransomware attack tied to infamous Interlock cybercrime group.

Breach hits millions of dialysis patients

Kidney care provider DaVita has disclosed that nearly 2.4 million individuals had their personal and medical information stolen during a ransomware attack earlier this year.

The company, which operates more than 2,600 dialysis centers across the United States, reported the intrusion to federal regulators in April. Initial filings estimated 2.7 million affected, but DaVita has since lowered the figure.

DaVita said attackers infiltrated its lab database and accessed a trove of sensitive details between March 24 and April 12. Treatment records, dialysis test results, Social Security numbers (SSNs), health insurance data and even images of checks were among the compromised files.

DaVita responds to cyber intrusion

The healthcare provider emphasized that patient care was not disrupted, even though the attack encrypted parts of its network. DaVita said its cybersecurity team, alongside external specialists, acted quickly to contain the incident and notify both regulators and patients.

“On April 12, 2025, we discovered that DaVita experienced a cyber incident that resulted in unauthorized access to certain DaVita network servers,” reads DaVita’s security advisory. “Upon discovery, we initiated our incident response protocols and were able to eradicate the unauthorized party from our systems.”

In response to the breach, DaVita is offering free credit monitoring to affected patients and has pledged to strengthen its digital resolve while contributing to broader cybersecurity efforts across the healthcare sector.

Interlock gang suspected behind attack

While DaVita has not formally attributed the breach, the Interlock ransomware group has claimed the attack and listed the company on its leak site. Interlock has been linked to dozens of attacks on critical infrastructure and healthcare organizations across North America and Europe since late 2024.

The FBI and federal cybersecurity agencies recently issued a joint warning that Interlock affiliates are financially motivated and target essential services. Past Interlock attacks had severe consequences, including the disruption of chemotherapy and surgery appointments and the triggering of a state of emergency in Saint Paul, Minnesota.

Managing the fallout of a data breach

Unfortunately, data breaches strike indiscriminately and the customers or patients of affected entities can do little about it. However, preparing for worst-case scenarios remains crucial. Specialized software like Bitdefender Digital Identity Protection can help you monitor the extent of your online data and act quickly if a data breach has compromised you.

It continuously scours both the public and Dark Web for your data, including traces from services you no longer use, notifies you instantly if you have been exposed by a breach, and helps you quickly patch holes in your digital footprint with one-click action items.