0

Massive Cyberattack Exposes Data of Over 900,000 U.S. Patients

Massive Cyberattack Exposes Data of Over 900,000 U.S. Patients

Massive Cyberattack Exposes Data of Over 900,000 U.S. Patients

In a stark reminder of the growing vulnerability of the healthcare industry, DaVita — one of the largest providers of kidney dialysis services in the United States — has suffered a large-scale cyberattack that compromised highly sensitive personal and medical data of hundreds of thousands of patients.

The breach, part of an alarming surge in ransomware attacks targeting healthcare in recent years, was first detected in mid-April 2025. However, investigations revealed that hackers had already infiltrated DaVita’s systems weeks earlier, on March 24, primarily breaching the company’s laboratory servers.

According to cybersecurity research firm Comparitech, the attackers exfiltrated an estimated 1.5 terabytes of information, including 683,000 files and tens of thousands of additional documents. The cybercrime group Interlock Ransomware later claimed responsibility, boasting of having obtained financial records, personal identifiers, and detailed medical histories.

What Was Stolen?

The stolen data varies from patient to patient, but in many cases, the breach included:

  • Full names and home addresses
  • Dates of birth
  • Social Security numbers
  • Health insurance details
  • Complete medical records, including diagnoses, treatments, and lab results
  • Tax identification numbers
  • Images of company-issued checks

The sheer variety and depth of the exposed information significantly increase the risk of identity theft, financial fraud, and even targeted scams against the affected individuals.

DaVita’s Response

In response to the breach, DaVita has begun notifying all impacted patients through formal letters. The company is offering complimentary enrollment in Experian IdentityWorks — a comprehensive identity protection service that includes up to $1 million in identity theft insurance. Patients must activate this service by November 28, 2025, to take advantage of the coverage.

Recommended Actions for Patients

Cybersecurity experts advise affected patients to take immediate steps to protect themselves:

  • Enroll in the offered identity protection service without delay
  • Monitor bank accounts, credit cards, and insurance statements for unusual activity
  • Consider placing a credit freeze to block unauthorized loans or accounts
  • Be cautious of phishing emails, phone calls, or text messages referencing stolen data

A Growing Trend of Healthcare Cyberattacks

This is not the first time Interlock Ransomware has targeted healthcare providers. The group has previously breached medical networks including Texas Digestive Specialists and Kettering Health. Such incidents reflect an alarming trend: cybercriminals increasingly view healthcare institutions as lucrative targets due to the high value of medical and personal data on the dark web.

Experts warn that unless healthcare organizations significantly bolster their cybersecurity defenses, these attacks will not only continue but may grow in scale and sophistication — endangering both patient privacy and the stability of critical medical services.

The DaVita incident stands as a wake-up call, underscoring that in the modern digital landscape, safeguarding health data is as critical as the medical care itself.

You may like these posts