Incident Overview In mid-April 2025 Denver-based DaVita Inc. one of the world’s largest kidney dialysis providers disclosed that it had discovered a ransomware incident on April 12 that encrypted portions of its network and disrupted certain operations though patient care continued uninterrupted under contingency measures. Following the detection DaVita activated its incident response protocols proactively isolating affected systems engaging third-party cybersecurity experts and notifying law enforcement as part of its containment efforts. As of early May the full extent and duration of the disruption remained under investigation with the company working to restore normal operations as swiftly as possible. Discovery and Containment DaVita first alerted investors and regulators to the breach in an 8-k filing with the U.S. Securities and Exchange Commission on April 14 2025 , stating that a ransomware strain had encrypted key network elements and impaired data access across multiple facilities. The provider immediately implemented its incident response playbook-isolating compromised systems to limit lateral movement deploying backup protocols to maintain patient treatments and enlisting external forensic teams to identify the attack vector and remediate vulnerabilities. Data Exposure Claims Emerge Approximately two weeks after the initial breach the Interlock ransomware gang claimed responsibility , asserting it had stolen over 20 terabytes of proprietary and patient data. Cybersecurity publication CPO Magazine reports that Interlock began leaking roughly 1.5 terabytes of that haul-comprising nearly 700 000 files -on the dark web after ransom negotiations reportedly broke down. DaVita confirmed it was aware of the postings and stated it had launched a comprehensive review of the potentially exposed data to determine which individuals and records were implicated. Impact on Patients An independent ongoing investigation by DataBreach.com has identified that the breach exposed the following types of personally identifiable information (PII):

Full name Social Security number (SSN) Phone number Medical diagnosis Insurance provider Treating physician’s name Not every individual’s data was affected in the same way. Determining the precise impact on each person requires a case-by-case review of the compromised records. By using our breach lookup tool you can easily verify whether specific PII was compromised in the breach. ,

DaVita’s Ongoing Investigation DaVita has stated that its forensic investigation remains active focusing on pinpointing the precise scope of data theft and identifying all affected parties. A company spokesperson reiterated that DaVita will notify any individuals whose information was compromised “as appropriate” and collaborate with vendors and partners to strengthen defenses against future intrusions. Healthcare Sector Under Siege The DaVita breach exemplifies a broader surge in cyberattacks targeting the healthcare ecosystem where vast repositories of high-value personal and medical data are prime targets for extortion. According to industry reports two-thirds of healthcare organizations experienced ransomware incidents in 2024 -up from 60% in 2023 -underscoring systemic vulnerabilities in legacy systems and under-resourced security postures.