DaVita Data Breach Exposes Sensitive Information of Over 2.6 Million Patients

Renal care and dialysis provider DaVita said the data security incident it suffered earlier this year compromised the sensitive personal data of over 2.6 million patients.

 

In a filing with the U.S. Securities and Exchange Commission, DaVita said that on April 12, it suffered a significant ransomware attack that involved threat actors infiltrating the company’s internal network and deploying malware to encrypt systems, rendering them inaccessible.

 

The healthcare company added that despite the operational hindrance, it continued providing patient care to the best of its ability.

 

In a recent update, DaVita said that the ransomware attack led to the exfiltration of data from its internal database.

 

“Through an extensive investigation, we understand that the cyber incident started on March 24, 2025, and continued until the threat actor was blocked from our servers on April 12, 2025. On April 24, 2025, the threat actor posted on its leak site data it claimed to have taken from DaVita.  

 

“DaVita worked diligently to determine what information was involved, and on or about June 18, 2025, we were able to obtain the set of data the threat actor posted and determine that sensitive personal information from our dialysis labs database was involved,” DaVita said.

 

The incident was reported to several state attorneys general, including those in Oregon, Texas, South Carolina, Washington, and Massachusetts, where DaVita said it has identified over a million individuals affected by the breach.

 

In a recent filing with the U.S. Department of Health and Human Services Office for Civil Rights Data said it has identified at least 2,689,826 individuals impacted by the incident.

 

On April 24, the Interlock ransomware group claimed responsibility for the cyber attack on DaVita and listed it as a victim on its data leak site. The group claimed to be in possession of more than 1.5 TB of data stolen from the company, including approximately 700,000 files containing sensitive patient data, information on user accounts, insurance, and financial information.