DaVita Inc. has formally disclosed that a ransomware attack earlier this year led to the exposure of sensitive data belonging to approximately 2.7 million individuals.
The healthcare provider reported the breach to the US Department of Health and Human Services (HHS) via the Office for Civil Rights’ breach portal, marking the first official confirmation of the scale of the incident.
The data breach, registered on the HHS breach notification site yesterday, classifies the incident as a compromise of “unsecured protected health information.” This confirmation arrives four months after DaVita first acknowledged the ransomware attack in an April 14, 2025, SEC Form 8-K filing, in which it stated that threat actors had encrypted parts of its network and triggered operational disruptions.
At the time, DaVita did not indicate whether sensitive data had been accessed or stolen, citing the early stage of forensic investigation. However, on April 24, the Interlock ransomware group publicly claimed responsibility for the attack and published a massive data cache on its leak site, stating that over 1.5 terabytes of data had been exfiltrated from DaVita’s systems. The group shared previews of documents, internal spreadsheets, and patient-related files, suggesting a significant breach of confidentiality.
The confirmation of the breach via HHS now validates those claims, though DaVita has not publicly acknowledged Interlock’s involvement. The breach reportedly affects a staggering 2,689,826 individuals, making it one of the largest healthcare-related data breaches reported in 2025.
DaVita Inc., headquartered in Denver, Colorado, operates one of the largest dialysis care networks in the United States, providing essential treatment to patients with chronic kidney failure. With thousands of outpatient centers nationwide and operations in multiple countries, the company’s digital infrastructure plays a critical role in delivering life-sustaining care. Its systems manage scheduling, clinical data, diagnostics, and billing, making them especially attractive targets for ransomware actors seeking leverage through operational disruption and data theft.
Following the attack in April, DaVita initiated incident response protocols, isolated affected systems, and engaged third-party cybersecurity experts to contain the breach and assess the damage. Despite these measures, Interlock’s publication of leaked data and today’s HHS disclosure confirm that protected health information (PHI) was compromised at scale.
While the exact data types involved have not been specified in the HHS entry, similar healthcare-related breaches typically include patient names, birthdates, treatment details, billing records, and in some cases, Social Security numbers and insurance information. Interlock’s leak reportedly involved over 683,000 files across 75,000 folders.
At the time of the attack, DaVita stated that clinical care delivery remained operational, albeit under strain, and emphasized that interim measures were in place to restore critical services. The company has since pledged transparency and ongoing communication with affected individuals, though further specifics on notifications and remediation efforts remain pending.
Leave a Reply