In one of the largest healthcare data breaches of 2025, DaVita—the major U.S. kidney dialysis provider—has notified more than one million individuals that their personal and health information was stolen in a sophisticated ransomware attack. The incident, which unfolded between March 24 and April 12, 2025, has raised serious concerns about cybersecurity in the healthcare sector.
Breach Scope and Details
The ransomware attack is attributed to the Interlock ransomware gang, which claimed responsibility after DaVita detected and contained the intrusion by April 12. Preliminary figures show that over 1 million people were affected, with initial counts ranging from approximately 915,000 to well over a million.
The information compromised in the breach is extensive and sensitive. It includes names, dates of birth, Social Security numbers, home addresses, comprehensive medical details (such as conditions, treatments, and test results), health insurance data, tax identification numbers, images of checks, and additional financial or personally identifiable information.
DaVita’s internal investigation determined that attackers maintained unauthorized access to the network for nearly three weeks before security measures halted their activities. While some operations were disrupted, patient care reportedly continued with minimal interruption thanks to robust backup and continuity protocols.
Data Exfiltration and Aftermath
Interlock, the group behind the attack, claimed to have exfiltrated more than 20 terabytes of proprietary and personal data. After ransom negotiations faltered, the ransomware gang leaked approximately 1.5TB of stolen data—including close to 700,000 files—on the dark web. DaVita continues to conduct forensic analyses to fully assess which data was exposed and to identify all those impacted.
Response and Ongoing Investigations
In response to the incident, DaVita has engaged law enforcement and cybersecurity experts, and has extended free credit monitoring and identity theft protection services to all affected individuals. The company has emphasized its commitment to data security and has implemented additional protocols to prevent future attacks.
Legal repercussions have followed swiftly. At least two class action lawsuits have been filed against DaVita, with expectations of more as impacted individuals seek compensation for damages resulting from potential data misuse.
