DaVita, a major U.S. provider of dialysis services, has suffered a ransomware attack that exposed personal data belonging to approximately twenty-seven lakh patients, according to the U.S. Department of Health and Human Services. Despite the breach, DaVita confirmed that essential kidney care remained uninterrupted.
Sensitive Patient Data Stolen, Response Underway
The attackers gained unauthorised access to DaVita’s laboratory database, which includes sensitive patient information. The company is notifying affected current and former patients and has extended complimentary credit monitoring and identity protection services to help mitigate potential fallout.
DaVita emphasised that its nearly three thousand outpatient clinics and home care services continued operating without interruption, ensuring vital treatment was not compromised.
Billions in Costs to Counter Cyber Breach
Responding to the breach came at a steep price. In the second quarter of 2025, the company incurred charges amounting to approximately INR one crore fifteen lakh, which included increased patient care expenses of around INR eight lakh and additional administrative and cybersecurity expenses of about INR 1.7 crore.
As a key health service provider, DaVita’s breach underscores how cyber threats increasingly target critical infrastructure. The fusion of medical data with digital systems makes healthcare organisations especially vulnerable. Beyond patient privacy, such incidents strain healthcare operations and trust.
Security experts warn that ransomware groups like those behind this attack—the “Interlock” group claims control over more than one and a half terabytes of stolen data—are growing more sophisticated and coordinated.
