Interlock group claims major ransomware attack on renal care provider DaVita
The infamous Interlock ransomware group said it breached the internal network of renal care and dialysis provider DaVita and stole more than 1.5TB of confidential data.
Headquartered in Denver, Colorado, DaVita is a leading provider of kidney dialysis and comprehensive kidney care services, primarily serving patients with end-stage renal disease. Operating over 2,600 outpatient treatment centres, DaVita is a Fortune 500 company with operations in 12 countries globally.
In a filing with the U.S. Securities and Exchange Commission, DaVita said that on April 12, it suffered a significant ransomware attack that involved threat actors infiltrating the company’s internal network and deploying malware to encrypt systems, rendering them inaccessible.
“The incident is impacting some of our operations, and while we have implemented interim measures to allow for the restoration of certain functions, we cannot estimate the duration or extent of the disruption at this time,” DaVita said.
The healthcare company, however, added that despite the operational hindrance, it is providing patient care to the best of its ability.
On April 24, the Interlock ransomware group claimed responsibility for the cyber attack on DaVita and listed it as a victim on its data leak site. The group claimed to be in possession of more than 1.5 TB of data stolen from the company, including approximately 700,000 files containing sensitive patient data, information on user accounts, insurance, and financial information.
📢 Ransomware Alert:
— FalconFeeds.io (@FalconFeedsio) April 24, 2025
DaVita Inc., a U.S.-based Fortune 500 healthcare provider, specializing in kidney care and dialysis services, falls victim to INTERLOCK Ransomware.
🔍 Key Details:
🛡Threat Actor : INTERLOCK
📅Published date : 24-04-2025
⚠ Data Size : 510 GB pic.twitter.com/vsdkCWF29K
Acknowledging the claims of the hacker group, in a statement shared with the media, a DaVita spokesperson said, “We are aware of the post on the dark web and are in the process of conducting a thorough review of the data involved.
“A full investigation regarding this incident is still underway. We are working as quickly as possible and will notify any affected parties and individuals, as appropriate."
“We are disappointed in these actions against the healthcare community and will continue to share helpful information with our vendors and partners to raise awareness on how to defend against these attacks in the future,” he added.
Related Articles
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543