Almost a million people had sensitive healthcare information stolen during a ransomware attack on dialysis company DaVita in April.
The company began filing breach notification letters in several states this week, informing regulators in Oregon, Texas, South Carolina, Washington and Massachusetts that a total of 915,952 U.S. residents were affected by the incident.
DaVita said it discovered the cyberattack on April 12, when network servers at its laboratories were breached.
The company said it was able to remove the cybercriminals from its systems on the same day, but an investigation revealed that they were able to access DaVita’s dialysis labs database.
The information stolen includes demographic data, names, addresses, dates of birth, Social Security numbers, health insurance information and other clinical information like health conditions, dialysis lab test results and treatment information.
“For some individuals, the information included tax identification numbers, and in limited cases images of checks written to DaVita,” the letters add.
DaVita said it is coordinating with law enforcement on the investigation. Victims can temporarily access identity protection services.
The letters claim there is “no evidence that your information has been subject to fraud.” But shortly after the attack, the Interlock ransomware gang took credit for the incident and claimed to have stolen 1.51 terabytes of data — posting samples of the stolen information on its leak site.
DaVita confirmed to the U.S. Securities and Exchange Commission that the attack encrypted parts of its network and was impacting its operations.
The attack caused alarm because of the pivotal role DaVita plays for dialysis patients. Its primary function is treating end-stage renal disease which necessitates kidney dialysis three times per week until patients receive a new kidney.
The company, which reported $12.8 billion in revenue last year, is one of the largest kidney care providers, with about 281,100 patients at 3,166 outpatient dialysis centers worldwide. DaVita operates more than 2,500 centers in the U.S. and hundreds more across 13 other countries.
The company said contingency plans were implemented after the ransomware attack, and centers continued to provide care to patients.
Recorded Future
Intelligence Cloud.
Learn more.
