DaVita Data Breach: Over 900,000 Patients Affected by Cyberattack Targeting Clinical Information

US-based kidney dialysis provider DaVita has disclosed a significant data breach that compromised sensitive personal and clinical data belonging to more than 915,000 individuals. The breach, believed to be linked to a ransomware attack, took place between March 24 and April 12, 2025, before the threat actor was successfully removed from DaVita’s systems.

According to the company’s internal investigation, the attacker gained unauthorized access to one of DaVita’s dialysis laboratory databases, where they extracted both personally identifiable information (PII) and clinical records. In a customer notification sent on August 5, DaVita confirmed the stolen data includes:

  • Names, birth dates, Social Security numbers, and insurance details
  • Medical conditions, treatment information, and dialysis lab results
  • In some cases, tax ID numbers and even scanned images of checks made out to DaVita

The types of information stolen vary depending on the individual, but the overall impact has been severe. To mitigate the risks of identity theft and fraud, DaVita is offering affected patients free credit monitoring services.

Financial and Operational Fallout

In its Q2 2025 financial report, also released on August 5, DaVita revealed that the cyberattack has already cost the company approximately $13.5 million in remediation and system recovery efforts. These actions were conducted in coordination with third-party cybersecurity experts.

The breach also led to a $1 million rise in patient care costs and a $12.5 million increase in administrative and operational expenses. Notably, the company clarified that these figures do not include losses due to business disruption caused by the attack.

Interlock Ransomware Group Claims Responsibility

The Interlock ransomware group has claimed responsibility for the attack and has listed DaVita on its data leak site. According to reports from Comparitech, the group claims to have stolen 1.5 terabytes of data, even posting samples to validate their claim.

DaVita has not officially confirmed whether ransomware was involved, nor has it acknowledged the group behind the attack, but the available evidence suggests that ransomware was involved.

Despite a decline in ransomware incidents across the healthcare sector in the first half of 2025—compared to a sharp increase in 2024—the year has still seen a number of high-impact breaches. One such attack targeted Kettering Health in Ohio, leading to widespread disruption of patient care across its 14 hospitals and over 120 facilities.

Source: https://www.infosecurity-magazine.com/news/clinical-data-stolen-kidney