Data Breach Notification,
Data Security,
Fraud Management & Cybercrime
DaVita’s Stolen Data Surfaced on Dark Web Following Ransomware Attack by Interlock
In a troubling development for patient data security, DaVita disclosed to federal authorities that a cyberattack attributed to the ransomware group Interlock has compromised the information of nearly 2.7 million individuals. This breach, initially reported in April, involved the theft of over 1.5 terabytes of sensitive data related to kidney dialysis services.
According to Interlock’s leak site, several files pertaining to DaVita’s operations have appeared, including patient accounting records, eligibility documents for government and payer benefits, laboratory results, and various research studies. The scale and specificity of the leaked information pose significant risks to those affected.
In an official notice submitted to the U.S. Department of Health and Human Services (HHS) on August 1, DaVita detailed that the incident involved a network server breach, which impacted more than 2.68 million people. The HHS’ Office for Civil Rights later made this report publicly available through its HIPAA Breach Reporting Tool.
This incident now ranks as the fourth-largest healthcare data breach reported to federal regulators in 2025. DaVita has not yet commented on specific claims made by Interlock regarding the leaked data nor provided insights into further actions being taken.
DaVita, a global leader in kidney dialysis services, recently informed the U.S. Securities and Exchange Commission that the financial impact of this breach has already reached $13.5 million, as detailed in preceding reports. The organization confirmed that unauthorized access to its servers began around March 24 and continued until April 12, when their threat detection protocols effectively curtailed the breach.
The data accessed during the incident has raised alarms, as it ranges from basic personal identifiers—such as names and Social Security numbers—to more sensitive health-related information, which could include personal health conditions and treatment histories. Some affected parties may also be at risk of compromised financial data, with indications that images of checks directed to DaVita were also accessed.
In light of this breach, DaVita has undertaken enhanced measures to secure its systems, including deploying new security monitoring tools and reinforcing existing protocols to mitigate future risks. The organization aims to bolster its defenses against adversary tactics recognized under the MITRE ATT&CK framework, potentially including initial access, persistence, and privilege escalation.
