Huge healthcare breach sees nearly a million patients hit following DaVita ransomware attack - make sure you're safe

News
By published

DaVita lost data at the hands of Interlock

A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
(Image credit: Shutterstock / JLStock)
  • DaVita reveals more on effects of April 2025 ransomware attack
  • The Interlock group stole sensitive files on thousands of people
  • Affected patients offered free identity theft monitoring

US healthcare company DaVit has revealed it suffered a ransomware attack and a data breach earlier this year which saw patient data stolen.

The company, which specializes in providing kidney care services, filed a new form with the Office of the Washington State Attorney General, in which it confirmed the attack took place between March 24 and April 12, 2025, and saw the criminals take people’s names, Social Security numbers (SSN), driver’s license numbers, Washington ID card numbers, financial and banking information, full dates of birth, health insurance policy or ID numbers, and other medical information.

In Washington state alone, more than 13,000 people were affected, with the full number of victims unknown at this time.

Interlock takes credit

DaVita also shared the data breach notification letter it’s been sending out to the victims, which stated it spotted the attack on April 12, and ousted the infiltrators on the same day. Third-party forensics experts were brought in, and law enforcement was notified.

The data grabbed came from its dialysis labs database and, varying from person to person, could include certain clinical information such as health condition, other treatment information, and certain dialysis lab test results.

“For some individuals, the information included tax identification numbers, and in limited cases images of checks written to DaVita.”

According to Cybernews, the attack was the work of the Interlock ransomware group, which emerged in late 2024, and has since then successfully broken into at least 51 organizations.

While the company says there is no evidence that the data is being misused in the wild, it urged its patients to be wary of incoming emails, especially unsolicited messages claiming to come from DaVita itself. Patients should also review their account statements and monitor their free annual credit reports for suspicious activity and potential errors.

DaVita has offered free identity theft protection, and credit monitoring, through Experian IdentityWorks.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.