Kidney dialysis company DaVita today confirmed it notified 915,952 people of an April 2025 data breach that compromised the following patient info:
- Names
- Social Security numbers
- Health insurance info
- Medical info including conditions, treatments, and test results
- Tax ID numbers
- Images of checks made out to DaVita
- Dates of birth
- Addresses
The attack disrupted internal operations at DaVita, which told Comparitech at the time that it was aware of the ransom demand and was conducting an investigation.
Ransomware gang Interlock took credit for the breach on April 25, saying it stole 1.5 TB of data from DaVita. To prove its claim, Interlock posted images of what it says are documents stolen from DaVita.
DaVita has not verified Interlock’s claim. We do not know if DaVita paid a ransom, how much Interlock demanded, or how attackers breached its network. Comparitech contacted DaVita for comment and will update this article if it replies.
“On April 12, 2025, we discovered that we experienced a security incident that resulted in unauthorized access to certain DaVita network servers, primarily at its laboratories,” says the company’s latest notice (PDF) to data breach victims. “Through an extensive investigation, we understand that the cyber incident started on March 24, 2025, and continued until the threat actor was blocked from our servers on April 12, 2025.”
DaVita is offering eligible victims free identity restoration assistance through Experian. The deadline to enroll is November 28, 2025.
Who is Interlock?
Interlock is a ransomware gang that first started adding targets to its leak site in October 2024. The group extorts targets both to unlock infected computer systems and to not sell or release stolen data.
Since it began, Interlock has taken credit for 23 confirmed ransomware attacks, plus 31 unconfirmed claims that haven’t been publicly acknowledged by the targeted organizations.
DaVita isn’t Interlock’s only target in the healthcare industry. Its other recently confirmed claims include:
- Texas Digestive Specialists notified 41,521 people of a May 2025 data breach
- Kettering Health reported a May 2025 data breach caused a major outage
- Naper Grove Vision Care is issuing notifications for a May 2025 data breach
Ransomware attacks on US healthcare
Comparitech researchers have logged 53 confirmed ransomware attacks on American healthcare companies, compromising more than 3.2 million records. This attack on DaVita is the second largest by number of records after Frederick Health’s data breach in January 2025.
Other recently confirmed such attacks include:
- Highlands Oncology Group notified 113,575 people of a January 2025 data breach for which Medusa demanded $700,000
- West Texas Oral Facial Surgery notified 9,887 people of a May 2025 breach claimed by Inc
- Cookeville Regional Medical Center reported a July 2025 attack for which Rhysida demanded $1,147,000 in ransom.
Ransomware attacks on US hospitals, clinics, and other care providers can both steal data and lock down infected computer systems. They can cripple critical systems and endanger the health, privacy, and security of patients. Infected hospitals and clinics must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk of fraud. Hospitals and clinics might have to resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About DaVita
DaVita is a kidney dialysis firm that treats around 200,000 patients across the US and 13 other countries. 55,000 of its patients are located in the US. It’s headquartered in Denver, Colorado.
