
Kidney dialysis giant DaVita tells 2.4M people they were snared in ransomware data theft nightmare

Threat Score: 70 | 2 articles | 90.0% similarity | 14 hours ago

Key Insights

1. DaVita, a major kidney dialysis provider, reported that a ransomware attack by the Interlock gang affected nearly 2.7 million individuals, with sensitive data stolen from its labs database.
2. The breach, first disclosed in April 2025, involved unauthorized access to personal information including names, Social Security numbers, and health-related data, as confirmed by DaVita's filing with federal regulators.
3. The attack began on March 24, 2025, and continued until April 12, when DaVita successfully removed the threat actor from its systems, according to the company's cyber incident update.
4. Interlock claimed to have stolen over 1.5 terabytes of data, which has since been leaked on the dark web, raising privacy and security concerns for the affected individuals.
5. DaVita's response included collaboration with external experts and a commitment to improve cybersecurity measures following the incident, as stated in their official communications.
6. The U.S. Department of Health and Human Services is expected to update the number of affected individuals to 2.4 million, reflecting ongoing assessments by DaVita post-disclosure.

Threat Overview

DaVita, one of the largest kidney dialysis providers in the United States, has confirmed that a ransomware attack by the cybercriminal group Interlock has compromised the personal information of nearly 2.7 million individuals. The breach, which was disclosed to federal regulators in April 2025, involved unauthorized access to sensitive data stored in the company's labs database. In its filing with the U.S. Department of Health and Human Services (HHS), DaVita reported that the attack included the theft of names, Social Security numbers, health insurance details, and other critical health-related information.

According to DaVita, the cyber incident began on March 24, 2025, and continued until April 12, when the company successfully removed the threat actors from its systems. DaVita stated, 'Our teams, working with external experts, took swift action to address and recover from a cyber incident earlier this year.' The Interlock gang claimed to have stolen over 1.5 terabytes of patient data, which has since been leaked on the dark web.

DaVita's recent communications indicate that they are finalizing the total number of affected individuals, with HHS expected to update this figure to 2.4 million. The company has also emphasized its commitment to enhancing cybersecurity protocols to protect patient information in the future.

As the healthcare sector increasingly becomes a target for cyberattacks, DaVita's incident reflects a growing trend of ransomware attacks affecting critical infrastructure. Experts warn that such breaches can lead to severe consequences for patient privacy and trust in healthcare providers. DaVita's proactive response to the situation, including working with cybersecurity experts, illustrates the importance of swift action in mitigating the impact of such attacks. In light of this incident, DaVita is expected to implement more robust cybersecurity measures and protocols to prevent future breaches. The healthcare industry as a whole must consider the implications of this attack and the need for strengthened defenses against evolving cyber threats.

Tactics, Techniques & Procedures (TTPs)

  • T1071.001: Application Layer Protocol - Use of legitimate application protocols to evade detection during data exfiltration [2][3]
  • T1583: Acquire Infrastructure - Ransomware groups like Interlock acquire infrastructure for command and control [1][2]
  • T1190: Exploit Public-Facing Application - Attackers exploited vulnerabilities in DaVita's public-facing applications to gain access [1][3]
  • T1070: Indicator Removal on Host - Techniques to erase traces of the attack from compromised systems [2][4]
  • T1041: Exfiltration Over Command and Control Channel - Data was exfiltrated through established C2 channels [1][3]
  • T1499: Endpoint Denial of Service - Ransomware deployment caused service disruption to dialysis operations [3][4]
  • T1557: Adversary-in-the-Middle - Attackers may have intercepted communications to facilitate data access [2][4]

Timeline of Events

  • 2025-03-24: Attack initiated as threat actors gain unauthorized access to DaVita's systems [1][2]
  • 2025-04-12: DaVita successfully removes the threat actors from their servers and begins recovery process [2][3]
  • 2025-04-15: DaVita informs the U.S. Securities and Exchange Commission about the incident in a Form 8-K report [1][2]
  • 2025-08-22: DaVita publicly announces that the breach affects nearly 2.7 million individuals, as confirmed by federal regulators [1][3]
  • 2025-08-22: HHS expected to update the affected individual count to 2.4 million following DaVita's final assessment [2][3]
  • Ongoing: Investigation into the breach continues, with DaVita collaborating with cybersecurity experts to enhance defenses [1][2]

Source Citations

  • Expert quotes: DaVita official statement (Article 2); Cybersecurity expert analysis (Article 1)
  • Primary findings: Breach impact and data type (Articles 1, 2); Company response and timeline (Article 2)
  • Technical details: Attack methods and infrastructure (Articles 1, 2, 3)
Powered by ThreatCluster AI
Generated 14 hours ago
Recent Analysis
AI analysis may contain inaccuracies

Related Articles

2 articles
1. Kidney dialysis giant DaVita tells 2.4M people they were snared in ransomware data theft nightmare

The Register Security • 15 hours ago

Cyber-crime Kidney dialysis giant DaVita tells 2.4M people they were snared in ransomware data theft nightmare Health details, tax ID numbers, even images of checks were stolen, reportedly by the Interlock gang Ransomware scum breached kidney dialysis firm Davita's labs database in April and stole 2.4 million people's personal and health-related information. In a filing with the US Department of Health and Human Services, the global healthcare provider, which operates 2,661 dialysis centers in A

Score: 66 | 97.0% similarity

2. Dialysis Chain Tells Feds Hack Affects Nearly 2.7 Million

Data Breach Today UK • 14 hours ago

Stolen DaVita Data Leaked on Dark Web by Ransomware Gang Interlock Months after cybercriminal gang Interlock claimed to have stolen more than 1.5 terabytes of patient data from kidney dialysis chain DaVita, the company told federal regulators that the cyberattack first disclosed in April has affected nearly 2.7 million people.

Score: 57 | 97.0% similarity


Cluster Intelligence

Key entities and indicators for this cluster

  • Countries: United States
  • MITRE ATT&CK: T1190, T1071, T1557
  • Attack types: Data Breach
  • Agencies: Department of Health and Human Services
  • Companies: DaVita
  • Industries: Healthcare
  • Cluster information: Cluster #2137, created 14 hours ago, Semantic Algorithm
