
Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals.
DaVita serves over 265,400 patients across 3,113 outpatient dialysis centers, 2,660 in the United States, and 453 centers in 13 other countries worldwide. The company reported revenues of over $12 billion in 2024 and of $3.3 billion for the second quarter of 2025.
In April, the healthcare provider revealed in a filing with the U.S. Securities and Exchange Commission (SEC) that its operations were disrupted after attackers partially encrypted its network over the weekend.
According to a dedicated website with more information regarding the resulting data breach, the attackers gained access to DaVita’s network on March 24 and were evicted after the company detected the incident on April 12.
While inside its systems, the threat actors stole data from DaVita’s dialysis labs database, which included a combination of personal (e.g., name, address, date of birth, and Social Security number), health insurance-related, and health (e.g., condition, treatment information, and dialysis lab test results) information.
For some individuals, the stolen information also includes tax identification numbers and, in some cases, images of personal checks.
On Thursday, the Department of Health’s Office for Civil Rights (OCR) updated its breach portal, confirming that DaVita reported a total of 2,689,826 people had their data stolen in the incident.
However, BleepingComputer has also learned that DaVita’s team found the actual number of individuals affected by the incident to be 2.4 million after submitting information to the OCR. Although the company has not publicly confirmed this number, the OCR is expected to update its portal in the coming days.

Although the kidney dialysis firm hasn’t linked the attack to a specific ransomware operation, the Interlock ransomware gang claimed responsibility for the breach in late April.
Interlock also leaked the allegedly stolen data on its dark web portal after negotiations with DaVita had failed, claiming it had stolen roughly 1.5 terabytes of data from the company’s compromised systems, or nearly 700,000 files containing what appeared to be sensitive patient records, insurance details, user account information, and financial data.
Almost one month later, on June 18, DaVita also obtained leaked files and confirmed their legitimacy after finding that some of them had been stolen from its dialysis labs.
When BleepingComputer reached out for more details regarding the breach, a DaVita spokesperson did not confirm whether the Interlock gang was behind the attack or whether the company had received a ransom demand after the incident.
“Regrettably, we have determined that the threat actor gained unauthorized access to our labs database, which contained some patients’ sensitive personal information,” the spokesperson said. “Because of this, we’re notifying current and former patients and providing them with resources, including complimentary credit monitoring, to help safeguard their data.”
The Interlock ransomware operation emerged in September 2024, targeting victims worldwide across multiple industries with a focus on healthcare organizations.
Interlock has been linked to ClickFix and malware attacks, during which they deployed a remote access trojan called NodeSnake on the networks of multiple universities in the United Kingdom.
More recently, the cybercrime gang also claimed to have hacked Kettering Health, a healthcare giant with over 120 outpatient facilities and more than 15,000 employees.
Update August 22, 08:31 EDT: Added DaVita statement.
