Data Breach Notification,
Data Security,
Fraud Management & Cybercrime
Interlock Claims to Possess 1.5TB of DaVita’s Data Amid Rising Costs
DaVita Inc., a leading provider in kidney dialysis services globally, recently reported to regulators that a cyberattack occurring in April has led to costs exceeding $13.5 million and has impacted over one million individuals in the United States. The cybercriminal group Interlock claims responsibility for both the data breach and the accompanying ransomware attack.
Interlock announced on its dark web platform that it possesses over 1.5 terabytes of stolen data from DaVita. An application submitted to the U.S. Securities and Exchange Commission (SEC) in April detailed that the cyber incident also included the encryption of certain elements of DaVita’s network.
As of the most recent update, state attorneys general from several locations, including Massachusetts, Oregon, South Carolina, Texas, and Washington, have released data breach notifications that DaVita filed regarding the incident. Reports indicate that the largest number of affected individuals was in Oregon, where nearly 916,000 people were reported as impacted.
Interestingly, information regarding the breach has not yet appeared on the U.S. Department of Health and Human Services’ HIPAA Breach Reporting Tool, which regularly lists healthcare data breaches affecting 500 or more individuals.
The breach notice issued by the Colorado-based DaVita revealed that compromised data may include personal identifiers such as names, addresses, dates of birth, Social Security numbers, health insurance details, clinical information about health conditions, treatment details, and even images of checks directed to DaVita. For certain individuals, breaches also extended to tax identification numbers.
DaVita’s investigation concluded that the incident spanned from March 24 to April 12, when the threat actor was ultimately blocked from accessing the company’s servers. The financial repercussions reported to the SEC outlined a temporary disruption of operations during the second quarter, with costs amounting to approximately $13.5 million, which mainly stemmed from patient care and remediation efforts involving external cybersecurity experts.
The company’s recent financial report indicated consolidated revenues of $3.38 billion and a net income of $199 million for the second quarter ending June 30. The report attributed significant negative impacts to the cyber incident and related increased operating costs.
In discussing the broader implications for the company’s future financial health, DaVita’s CEO emphasized the potential vulnerabilities associated with privacy and security compliance, compounded by the risks of ongoing cyber threats. This sentiment resonates particularly well within the context of the MITRE ATT&CK framework, which highlights tactics such as initial access, persistence, and privilege escalation—each potentially relevant to the methodologies employed by Interlock during the attack.
While DaVita has communicated optimism regarding the mitigative steps taken post-incident, ongoing staffing challenges and future investments in technology and security measures will continue to play a pivotal role in shaping the company’s operational landscape.
As a final note, the evolving nature of cybercrime was acknowledged, reinforcing the notion that industry innovation is essential in the face of sophisticated cyber adversaries.
