Despite the attack, DaVita said it ensured continuous patient care across nearly 3,000 clinics while notifying affected patients and offering free credit monitoring services.
A ransomware attack against dialysis provider DaVita has exposed the personal data of 2.7 million people, according to a notice on the US health department’s website.
The company first disclosed the cyber incident in April, saying it had taken steps to restore operations but could not predict the scale of disruption.
DaVita confirmed that hackers gained unauthorised access to its laboratory database, which contained sensitive information belonging to some current and former patients. The firm said it is now contacting those affected and offering free credit monitoring to help protect against identity theft.
Despite the intrusion, DaVita maintained uninterrupted dialysis services across its network of nearly 3,000 outpatient clinics and home treatment programmes. The company described the cyberattack as a temporary disruption but stressed that patient care was never compromised.
Financial disclosures show the incident led to around $13.5 million in charges during the second quarter of 2025. Most of the costs were linked to system restoration and third-party support, with $1 million attributed to higher patient care expenses.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
