Kidney dialysis firm Davita has confirmed that a ransomware gang who violated his network stole personal and health information of about 2.7 million persons.
Davita serves 3,113 outpatient dialysis centers, 2,660 in the United States and more than 265,400 patients in 453 centers in 13 other countries worldwide. The company recorded a revenue of more than $ 12 billion in 2024 and a revenue of $ 3.3 billion for the second quarter of 2025.
In April, the Healthcare provider revealed in a filing with the US Securities and Exchange Commission (SEC) that the attackers had partially interrupted its operation after partially encrypted their network.
according to a Dedicated website With more information about the resulting data violations, the attackers had access to Davita’s network on 24 March and it was evicted after the company detected the incident on 12 April.
Inside their system, the danger actors stole data from Davita’s dialysis labs database, including individual (eg, name, address, date and social security number), health insurance-related and health (eg, status, treatment information, and dialysis lab test results).
For some individuals, stolen information includes tax identity number and, in some cases, individual check images.
On Thursday, Health Department (OCR) was updated for civil rights Its breech portalConfirming that Davita reported a total of 2,689,826 people about the theft in the incident.
However, BlappingCopper has also learned that Davita’s team found the actual number of persons affected by the incident 2.4 million after submitting information to OCR. Although the company has not publicly confirmed this number, OCR is expected to update its portal in the coming days.
Although the kidney dialysis firm has not linked the attack to a specific ransomware operation, the interlock ransomware gang claimed responsibility for the breech in late April.
The Interlock also leaked allegedly stolen data on its dark web portal, when the conversation with Davita failed, claiming that about 1.5 terabyte data, or approximately 700,000 files were stolen from the company’s compromised system, stolen with sensitive patient records, insurance details, user account information and financial data.
About a month later, on 18 June, Davita also received the leaked files and after finding out that some of them were stolen from dialysis labs, confirmed her validity.
When Bleping Capor reached out for more information about Brech, a Davita spokesperson did not confirm whether the interlock gang was behind the attack or the company had demanded a ransom after the incident.
The spokesperson said, “Sadly we have determined that the actor with danger had unauthorized access to our labs database, which included some patients’ sensitive personal information,” the spokesperson said. “As a result, we are informing the current and pre -patients and providing them resources, including a compatible credit monitoring, to help them protect their data.”
The interlock ransomware operation emerged in September 2024, in which the victims were targeted in several industries with focus on healthcare organizations.
The interlock is linked to the Clickfix and Malware attacks, during which they deployed a remote access trojan called Nodesane on a network of several universities in the United Kingdom.
Recently, the Cybercare Gang has claimed to have hacked the catering health, a healthcare giant, with over 120 outpatient facilities and more than 15,000 employees.
August 22, 08:31 Update EDT: Davita statement added.
The passwords broke in 46% of the atmosphere, almost doubled by 25% last year.
Picus Blue Report 2025 Now get a wider look at more conclusions on prevention, detection and data exfIs.
