Kidney dialysis agency DaVita has confirmed {that a} ransomware gang that breached its community stole the non-public and well being info of almost 2.7 million people.
DaVita serves over 265,400 sufferers throughout 3,113 outpatient dialysis facilities, 2,660 in the US, and 453 facilities in 13 different nations worldwide. The corporate reported revenues of over $12 billion in 2024 and of $3.3 billion for the second quarter of 2025.
In April, the healthcare supplier revealed in a submitting with the U.S. Securities and Alternate Fee (SEC) that its operations have been disrupted after attackers partially encrypted its community over the weekend.
Based on a devoted web site with extra info relating to the ensuing data breach, the attackers gained entry to DaVita’s community on March 24 and have been evicted after the corporate detected the incident on April 12.
Whereas inside its methods, the risk actors stole information from DaVita’s dialysis labs database, which included a mix of private (e.g., identify, deal with, date of delivery, and social security quantity), well being insurance-related, and well being (e.g., situation, therapy info, and dialysis lab check outcomes) info.
For some people, the stolen info additionally contains tax identification numbers and, in some circumstances, photographs of private checks.
On Thursday, the Division of Well being’s Workplace for Civil Rights up to date its breach portal, confirming that DaVita reported a complete of two,689,826 individuals had their information stolen within the incident.
Though the kidney dialysis agency hasn’t linked the assault to a particular ransomware operation, the Interlock ransomware gang claimed duty for the breach in late April.
Interlock additionally leaked the allegedly stolen information on its darkish net portal after negotiations with DaVita had failed, claiming it had stolen roughly 1.5 terabytes of information from the corporate’s compromised methods, or almost 700,000 recordsdata containing what gave the impression to be delicate affected person information, insurance coverage particulars, person account info, and monetary information.
Virtually one month later, on June 18, DaVita additionally obtained leaked recordsdata and confirmed their legitimacy after discovering that a few of them had been stolen from its dialysis labs.
A DaVita spokesperson was not instantly out there for remark when BleepingComputer reached out earlier at present for extra particulars relating to the breach.
The Interlock ransomware operation emerged in September 2024, concentrating on victims worldwide throughout a number of industries and focusing totally on healthcare organizations.
Interlock has been linked to ClickFix and malware assaults, throughout which they deployed a distant entry trojan referred to as NodeSnake on the networks of a number of universities in the UK.
Extra just lately, the cybercrime gang additionally claimed to have hacked Kettering Well being, a healthcare big with over 120 outpatient services and greater than 15,000 workers.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration tendencies.
