Updated April 24, 2025: The InterLock ransomware gang has claimed responsibility for this attack. They claim to have exfiltrated 1,510 GB of data, 683,104 files, and 75,836 folders, and have leaked the file tree and some folder information.
Reuters reports:
DaVita said on Monday it had become aware of a ransomware incident that has encrypted some elements of its network, prompting the dialysis firm to implement measures to limit the effect of the breach.
The company discovered the cyberattack on Saturday, but added it “cannot estimate the duration or extent of the disruption at this time”, DaVita said in a regulatory filing.
Read more at The Star.
This is not DaVita’s first data security breach. DataBreaches has reported on several other breaches going back to 2008. In addition to the incidents previously reported on this site, DaVita also reported a hacking incident to HHS in 2022 after an employee fell for a phishing attack. In that incident, 1,092 patients were affected. Then, in July 2024, DaVita reported another incident to HHS. That one involved unauthorized disclosure due to the use of tracking technologies and potentially affected 67,443 patients who visited any websites, patient portals or mobile apps the company owned at least once between Nov. 20, 2017, and Sept. 21, 2023. DaVita settled a class action lawsuit to resolve claims stemming from that incident for $3.8 million.