Kidney dialysis services provider DaVita is notifying over one million individuals that their personal, financial, and health information was compromised in a ransomware attack in April 2025.
DaVita disclosed the incident in a filing with the Securities and Exchange Commission (SEC) shortly after it occurred, saying it immediately activated response protocols and containment measures.
On August 1, DaVita updated its security notice, revealing that the ransomware attack did result in a data breach, as the attackers accessed its dialysis labs database.
The compromised information, it said, included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, government ID numbers, financial information, medical and treatment information, health insurance details, internal DaVita identifiers, and lab test results.
In some cases, tax identification numbers and images of personal checks written to the healthcare provider were also compromised.
Some of the impacted individuals were not directly treated by the healthcare organization – their information was maintained by DaVita Labs as it processes lab results for other providers, practices, and entities.
Notices DaVita filed with the Attorney General’s Offices in Massachusetts, Oregon, South Carolina, Texas, and Washington State show that more than one million individuals were affected by the data breach, and that they were provided with free credit monitoring and identity theft protection services.
The exact number of impacted people, however, is unclear, as DaVita did not reveal it and the incident has not been listed on the US Department of Health and Human Services’ breach portal.
SecurityWeek has emailed DaVita for additional information on the data breach and will update this article if the healthcare provider responds.
In an August 5 filing with the SEC, DaVita said it incurred charges of $13.5 million from the incident, as patient care costs increased by $1 million and expenses related to system remediation and restoration were of approximately $12.5 million.
“This does not include the impact related to business interruption on our results,” it said.
While DaVita has not named the ransomware group behind the attack, the Interlock gang claimed the incident in April, adding the dialysis services provider to its Tor-based leak site, which is currently inaccessible. Interlock said it stole roughly 1.5 terabytes of data from DaVita.
According to a recent joint advisory from US agencies CISA, FBI, HHS, and MS-ISAC, Interlock has been responsible for multiple attacks against critical infrastructure, businesses, and other organizations in North America and Europe.
“This attack on DaVita is one of the largest data breaches via ransomware this year so far. It’s the seventh largest overall, the third largest in the US, and the third largest on a healthcare provider. Interlock is notorious for its data theft claims. Across its 54 victims, it alleges to have stolen over 79.2 TB of data, with an average of nearly 1.5 TB per victim. This is higher than most other groups,” Comparitech head of data research Rebecca Moody said in an emailed comment.
Related: Northwest Radiologists Data Breach Impacts 350,000 Washingtonians
Related: Cost of Data Breach in US Rises to $10.22 Million, Says Latest IBM Report
Related: Allianz Life Data Breach Impacts Most of 1.4 Million US Customers
