DaVita Reports Ransomware Incident, Patient Care Uninterrupted Despite System Disruption
Key Details at a Glance:
- Incident Date: Disclosed April 12, 2025
- Impact: Certain systems encrypted, operations disrupted
- Patient Care: Ongoing without interruption
- Attribution: No ransomware gang has claimed responsibility
- Investigation: In progress with cybersecurity firms and law enforcement
- Potential Link: Employee credential compromise tied to infostealer infections
- Global Reach: 3,166 centers, 281,100 patients, 55,000 US employees
DaVita, a leading provider of kidney dialysis services in the United States, has confirmed a ransomware attack that has encrypted portions of its internal network. The disclosure came through a filing with the Securities and Exchange Commission (SEC) on April 12, 2025.
The company stated that it is working with cybersecurity experts and law enforcement to investigate the incident. Immediate containment steps have been activated, and affected systems have been isolated.
“Ransomware has encrypted certain elements of our network,” the company disclosed in its SEC filing.
Despite the disruption, DaVita assured stakeholders that it continues to provide essential patient care services. The full extent of the impact, however, remains unknown.
“Given the recency of the incident, our investigation and response are ongoing, and the full scope, nature, and potential ultimate impact on the Company are not yet known,” DaVita noted.
DaVita’s Operations Affected, But Patient Services Remain Ongoing
Although certain operational systems have been affected, DaVita emphasized that its dialysis services remain active. The organization is still assessing the potential duration and breadth of the disruption.
DaVita primarily serves patients with end-stage renal disease (ESRD), which requires dialysis treatments three times a week. These treatments are vital and time-sensitive, making operational continuity critical.
Security Threat Not Yet Attributed to Known Ransomware Gangs
At this time, no ransomware groups have taken credit for the attack. The Cybernews Ransomlooker tool has not identified any known gang claiming responsibility. The method of system access by the attacker also remains unclear.
In a related development, cybersecurity firm Hudson Rock reported that dozens of DaVita employees have recently been compromised via infostealer malware infections. These types of infections can harvest credentials and sensitive data, potentially providing initial access for ransomware deployment.
DaVita’s Global Presence and Patient Impact Scope
As of December 31, 2024, DaVita operated 3,166 outpatient dialysis centers globally, including 2,657 within the United States. The company serves approximately 281,100 patients across 14 countries and employs around 55,000 people in the U.S.
The Landmark Admin data breach, which involved unauthorized access to sensitive healthcare-related information, is under scrutiny for potential links to this latest attack on DaVita. Analysts are monitoring whether compromised credentials from that breach may have contributed to this ransomware incident.
DaVita continues to coordinate with federal authorities and external cybersecurity experts as it works to fully restore its systems and determine the origin of the attack.
