Update – 04/25: Updated statement from DaVita.
Today, ransomware gang Interlock has added kidney dialysis firm DaVita to its data leak site. It alleges to have stolen 1.5 TB of data, which includes 683,104 files and 75,836 folders.
On April 14, DaVita reported that it had suffered a ransomware attack on April 12, and this was “affecting and encrypting certain on-premises systems.” The attack continues to disrupt internal operations with DaVita having no “timeline for full restoration.” Patient care at its centers and patients’ homes continues, however.
Comparitech contacted DaVita about Interlock’s claims and was provided with the following statement:
We are aware of the post on the dark web and are in the process of conducting a thorough review of the data involved. A full investigation regarding this incident is still underway. We are working as quickly as possible and will notify any affected parties and individuals, as appropriate. We are disappointed in these actions against the healthcare community and will continue to share helpful information with our vendors and partners to raise awareness on how to defend against these attacks in the future.”
Who is Interlock?
Interlock first began adding victims to its data leak site in October 2024. As with most ransomware gangs today, it seeks a ransom payment for the decryption of systems and the deletion of stolen data.
Since October 2024, we’ve tracked 13 confirmed attacks via this group and a further 13 unconfirmed attacks that haven’t been acknowledged by the organizations in question. Interlock was also responsible for attacks on Texas Tech University Health Sciences Center (TTUHSC) in September 2024, which saw the breach of nearly 1.5 million records, and Brockton Neighborhood Health Center (BNHC) in November 2024, which affected nearly 97,500 people.
This year, it has been confirmed as the group behind six attacks on US organizations. This also includes:
- The Siegel Group, Inc. – hit in January 2025 with over 3,500 affected in the breach
- Aztec Municipal School District – targeted in February 2025 with the attack leading to school closures
- National Defense Corporation (National Presto Industries, Inc.) – hit in March 2025
- Cherokee County School District – hit in March 2025, causing many restrictions
- Andretti Indoor Karting & Games – also hit in March 2025 with locations being shut down briefly as a result
We are also monitoring six unconfirmed attacks from this year so far.
Ransomware attacks on US healthcare companies
2025 has already seen 17 confirmed attacks on US healthcare companies, as well as a further 80 unconfirmed.
Other recently confirmed attacks include Alabama Ophthalmology Associates in which 131,576 had their data breached following an attack via BianLian in January 2025. Mental health service provider Horizon Behavioral Health also began notifying people of a breach this week following an attack by as-yet-uknown hackers in March 2025.
As we are seeing with DaVita, ransomware attacks on healthcare companies have the potential for widespread disruption. Not only can patient care be affected when systems are encrypted, but these attacks often have ongoing consequences when data is stolen by hackers. In 2024 alone, nearly 25.7 million individual records were breached across 160 ransomware attacks on US healthcare providers.
About DaVita
DaVita treats around 200,000 dialysis patients across the US and 13 other countries. 55,000 of its patients are located in the US. Its headquarters are located in Denver, Colorado.
