DaVita, a U.S.-based kidney dialysis provider, confirmed that a ransomware group breached its network and stole the personal and health information of nearly 2.7 million people. The Department of Health and Human Services’ Office for Civil Rights (OCR) later updated its breach portal to show 2,689,826 individuals affected, though DaVita’s internal records indicate a figure closer to 2.4 million, a discrepancy the company has not publicly resolved.
In the intrusion, attackers gained access to DaVita’s labs database and exposed data that included names, addresses, dates of birth, Social Security numbers, health insurance details, and medical information such as conditions, treatments and dialysis lab results. For some individuals, tax identification numbers and images of personal checks were also exposed. A dedicated information page is available at DaVita outage site.
DaVita says attackers accessed its systems on March 24 and were evicted after the company detected the incident on April 12, during a period of disrupted operations following a weekend ransomware attack. In response, the company notified affected patients and former patients and offered complimentary credit monitoring and other resources to safeguard their data.
Interlock, the ransomware operation behind the breach, claimed responsibility in late April and subsequently leaked what it described as roughly 1.5 terabytes of data, including what appeared to be sensitive patient records, insurance details, and financial information. DaVita has not publicly confirmed a ransom demand or the attackers’ identity, and OCR’s breach portal remains the official reference point for the reported figures.
The incident has been linked to broader activity by the Interlock group, which has targeted healthcare organizations and other sectors since 2024.
DaVita said it is notifying affected individuals and providing resources to help mitigate potential harm. OCR’s portal is expected to update its numbers in the days ahead as investigations progress, and DaVita continues to coordinate with authorities as needed.