Redazione RHC : 24 August 2025 14:14
DaVita, an American company that operates a network of over 2,600 hemodialysis centers in the United States, reported a serious loss of patient personal data following a ransomware attack. According to updated data, the incident affected approximately 2.4 million people, although the initial notification to the U.S. Department of Health and Human Services indicated a figure of 2.7 million.
According to official information, the breach occurred on March 24 and lasted until April 12, 2025. That day, the attackers were forced to leave the company’s infrastructure, and it was then that DaVita filed a notification with the Securities and Exchange Commission (SEC) of the United States, indicating that part of the network resources were encrypted. The investigation confirmed that the criminals gained access to the lab’s database, from which they stole a wide range of confidential information.
The stolen data included names, addresses, dates of birth, Social Security numbers, health insurance information, and internal company identifiers. Clinical data, including diagnoses, treatment information, and lab test results for hemodialysis patients, was also stolen. For some victims, the data leak included phone numbers and, in some cases, images of checks made out to DaVita.
The company stated that patient care was not interrupted and that medical care was being provided as usual. However, all affected individuals were notified of the incident and received free credit history monitoring and other fraud protection tools. “We deeply regret this incident. Our specialists, along with external teams, took timely measures to restore systems and protect data,” DaVita said in a statement.
Although the company has not officially confirmed who was behind the attack, the Interlock group has previously claimed involvement and added DaVita to the list of victims on its resource for publishing stolen data.
According to researchers, Interlock has been active since September 2024 and has already carried out more than twenty confirmed attacks, including against healthcare organizations in the United States and Europe. This summer, they targeted Kettering Health, where an attack led to the interruption of chemotherapy and the cancellation of surgeries. In July, Interlock paralyzed the city of St. Paul, Minnesota, forcing the governor to declare a state of emergency and call in the National Guard.
U.S. federal agencies, including the FBI, HHS, CISA, and MS-ISAC, previously issued a joint advisory warning that Interlock’s perpetrators are acting for financial gain and using tactics that not only disable systems but also paralyze critical services. Considering the healthcare sector, the consequences of such attacks directly threaten human life and health.
DaVita emphasized that it intends to use the experience of this incident to strengthen its defenses and share the findings with colleagues in the medical sector. At the same time, the investigation is ongoing, and affected users are awaiting updates based on the analysis of the stolen data.
RedazioneThe editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
