{"id":2136,"date":"2025-08-06T16:51:31","date_gmt":"2025-08-06T16:51:31","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/08\/06\/clinical-data-stolen-in-cyber-attack-on-kidney-dialysis-provider-davita\/"},"modified":"2025-08-06T16:51:31","modified_gmt":"2025-08-06T16:51:31","slug":"clinical-data-stolen-in-cyber-attack-on-kidney-dialysis-provider-davita","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2025\/08\/06\/clinical-data-stolen-in-cyber-attack-on-kidney-dialysis-provider-davita\/","title":{"rendered":"Clinical Data Stolen in Cyber-Attack on Kidney Dialysis Provider DaVita"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"https:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/32483240-27a8-4f36-ac60-9d465c05a5d5.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of James Coker\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>US-based kidney dialysis provider DaVita has confirmed that sensitive personal and clinical data was stolen from its systems, impacting over 900,000 customers.<\/p>\n<p>The incident, which is reportedly ransomware-related, began on March 24, 2025, and continued until the threat actor was blocked from DaVita servers on April 12.<\/p>\n<p>An investigation revealed that the attacker accessed and removed data from the company\u2019s dialysis labs database.<\/p>\n<p>In a notification letter sent to impacted customers on August 5, the healthcare firm revealed that this data included:<\/p>\n<ul>\n<li>Personally identifiable information, including names, dates of birth, social security numbers and health insurance-related information<\/li>\n<li>Clinical information, such as health conditions, other treatment details and certain dialysis lab test results<\/li>\n<li>For some individuals, tax identification numbers and in limited cases, images of checks written to DaVita were accessed<\/li>\n<\/ul>\n<p>The information involved varied by individual.<\/p>\n<p>DaVita has disclosed that a total of 915,952 US residents have been notified of the breach.<\/p>\n<p>Impacted customers have been urged to be vigilant against identity theft and fraud, and DaVita has offered them free credit monitoring services.<\/p>\n<h2><strong>DaVita Incident Increases Patient Care Costs<\/strong><\/h2>\n<p>In DaVita\u2019s second quarter 2025 financial results, published on August 5, the company revealed the April cyber-attack cost approximately $13.5m to remediate the incident and restore systems with the assistance of third-party cybersecurity professionals.<\/p>\n<p>Patient care costs increased by $1m, and general and administrative expenses rose by $12.5m as a direct result of the incident, DaVita noted.<\/p>\n<p>\u201cThis does not include the impact related to business interruption on our results,\u201d the company added.<\/p>\n<h2><strong>Interlock Gang Claims Responsibility<\/strong><\/h2>\n<p>In April, the Interlock ransomware group claimed the attack on DaVita, adding the firm as a victim on its data leak site.<\/p>\n<p>It alleged to have stolen 1.5 TB of data, and posted images of part of the dataset to prove its claim, according to an analysis by consumer awareness firm Comparitech.<\/p>\n<p><em>Read now: US Government Warns of Wide-Ranging Interlock Attacks<\/em><\/p>\n<p>DaVita has not provided any details on the perpetrator, including whether the incident was ransomware related.<\/p>\n<p>In July, Comparitech reported that ransomware attacks on the healthcare industry have grown at a far slower rate than most other sectors in the first half of 2025. This followed a huge surge in ransomware incidents impacting healthcare in 2024.<\/p>\n<p>Nevertheless, numerous high profile incidents affecting healthcare firms have taken place in 2025. One affected Ohio-based Kettering Health, which resulted the cancellation of elective inpatient and outpatient procedures across its 14 hospitals and over 120 facilities.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>US-based kidney dialysis provider DaVita has confirmed that sensitive personal and clinical data was stolen from its systems, impacting over 900,000 customers. The incident, which is reportedly ransomware-related, began on March 24, 2025, and continued until the threat actor was blocked from DaVita servers on April 12. An investigation revealed that the attacker accessed and<\/p>\n","protected":false},"author":2,"featured_media":2137,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2136","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2136-172e36d1-13dc-430f-b66c-f0390c07d18a.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2136-172e36d1-13dc-430f-b66c-f0390c07d18a-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2136-172e36d1-13dc-430f-b66c-f0390c07d18a.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2136-172e36d1-13dc-430f-b66c-f0390c07d18a.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2136-172e36d1-13dc-430f-b66c-f0390c07d18a.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2136-172e36d1-13dc-430f-b66c-f0390c07d18a.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2136-172e36d1-13dc-430f-b66c-f0390c07d18a.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2136-172e36d1-13dc-430f-b66c-f0390c07d18a.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2136-172e36d1-13dc-430f-b66c-f0390c07d18a.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2136-172e36d1-13dc-430f-b66c-f0390c07d18a.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2136-172e36d1-13dc-430f-b66c-f0390c07d18a-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2136","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2136"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2136\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2137"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2136"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2136"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}