Kidney dialysis firm DaVita confirms ransomware breach exposed personal and health data of nearly 2.7M individuals.Kidney dialysis firm DaVita disclosed a data breach after a ransomware attack, the incident exposed personal and health information of nearly 2.7 million individuals.The number of impacted individuals reported by the Department of Health’s Office for Civil Rights (OCR) was updated to 2,689,826.DaVita Inc. provides kidney dialysis services through a network of 2,675 outpatient centers in the United States, serving 200,800 patients, and 367 outpatient centers in 11 other countries, serving 49,400 patients. DaVita specializes in treating end-stage renal disease (ESRD), requiring patients to undergo dialysis three times a week unless they receive a kidney transplant. The company holds a 37% share of the U.S. dialysis market and is headquartered in Denver, though incorporated in Delaware. The company is ranked 341st on the Fortune 500.On April 18, 2025, the company announced it was investigating and addressing a cybersecurity incident that had temporarily disrupted certain internal operations.DaVita is prioritizing continuity of in-patient dialysis care following a cyberattack. They’ve activated contingency plans and manual procedures where necessary and are working to securely restore affected systems.“On April 12, 2025, DaVita became aware of a ransomware incident affecting and encrypting certain on-premises systems. We activated our incident response protocols and implemented containment measures, including proactively disconnecting parts of the network.External cybersecurity experts are assisting with our response, remediation and recovery efforts, and we are in the process of rebuilding and restoring encrypted systems and bringing them back online in a secure manner.” states the company. “While the incident has resulted in disruption to our internal operations, we continue to have contingency plans and manual processes in place where needed with a focus on continuity of patient care.”The Interlock ransomware gang has claimed responsibility for the cyberattack on DaVita. The group claimed the theft of 1510 GB of sensitive data, including patient records, insurance, and financial information. Interlock leaked DaVita’s alleged stolen files on their data leak site.According to the company, attackers accessed its network between March 24 and April 12, stealing data from dialysis labs.“Through an extensive investigation, we understand that the cyber incident started on March 24, 2025, and continued until the threat actor was blocked from our servers on April 12, 2025. On April 24, 2025, the threat actor posted on its leak site data it claimed to have taken from DaVita.” reads a statement published by the company. “DaVita worked diligently to determine what information was involved, and on or about June 18, 2025, we were able to obtain the set of data the threat actor posted and determine that sensitive personal information from our dialysis labs database was involved.”The information exposed varied by individual and may have included certain demographic information, including name, address, date of birth, social security number, health insurance-related information, and other identifiers internal to DaVita, as well as certain clinical information, such as health condition, other treatment information, and certain dialysis lab test results. The company pointed out that sor some individuals, the information included tax identification numbers, and in limited cases images of checks written to DaVita.Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, data breach)