Dialysis company DaVita reviewing data leaked by ransomware gang

A ransomware gang posted the sensitive information of patients who received dialysis treatment from DaVita on its leak site Thursday morning. 

In a statement to Recorded Future News, the dialysis chain confirmed that it is aware of the dark web posting and said it is in the process of conducting a review of the data involved. 

“A full investigation regarding this incident is still underway. We are working as quickly as possible and will notify any affected parties and individuals, as appropriate,” a spokesperson said on Thursday.  

“We are disappointed in these actions against the healthcare community and will continue to share helpful information with our vendors and partners to raise awareness on how to defend against these attacks in the future.”

The Interlock ransomware gang, which claims to have stolen 1.51 terabytes of data from Davita, posted samples of the stolen information.

DaVita — which operates more than 2,500 centers in the U.S. and hundreds more across 13 other countries — told the U.S. Securities and Exchange Commission two weeks ago that the attack encrypted parts of its network and was impacting its operations. 

Contingency plans were implemented but they continued to provide care to patients. The company’s primary function is treating end-stage renal disease, which necessitates kidney dialysis three times per week until patients receive a new kidney.

DaVita served about 281,100 patients at more than 3,000 outpatient dialysis centers worldwide last year.

Comparitech cybersecurity expert Paul Bischoff said Interlock is a relatively new group that first began adding victims to its data leak site in October 2024. Attacks against half of the 26 victims the group has posted have been confirmed.

The group claimed responsibility for an attack on Texas Tech University Health Sciences Center and its El Paso counterpart. The incident disrupted systems and exposed the medical information of more than 530,000 people. 

Cybersecurity experts have tracked at least 133 alleged ransomware attacks on healthcare facilities globally so far this year, a startling increase in incidents impacting critical health services. 

In the last week, Onsite Mammography, Kelly & Associates Insurance Group, Behavioral Health Resources, Hamilton Health Care System, Central Texas Pediatric Orthopedics and Medical Express Ambulance Service have all reported data breaches resulting from cyberattacks.

Several of these breaches have been claimed by ransomware gangs who say they plan to leak the stolen data or already have. 

Yale New Haven Health System recently told federal regulators that 5.5 million people had information stolen during a cyberattack in March.