Interlock Ransomware Gang Leaks Data Stolen from Leading Kidney Dialysis Firm DaVita

TL;DR

The Interlock ransomware gang has claimed responsibility for a cyberattack on DaVita, a leading kidney dialysis company. The attack resulted in the theft of 1510 GB of sensitive data, including patient records and financial information, which the group has started leaking online. DaVita is currently working to restore its systems and ensure continuity of patient care.

Interlock Ransomware Gang Targets DaVita in Major Data Breach

The Interlock ransomware gang has claimed responsibility for a significant cyberattack on DaVita, a leading provider of kidney dialysis services. The attack, which occurred on April 12, 2025, resulted in the encryption of certain on-premises systems and the theft of 1510 GB of sensitive data, including patient records, insurance information, and financial details. The stolen data has since been leaked on the group’s data leak site.

---

DaVita Inc. specializes in treating end-stage renal disease (ESRD), which requires patients to undergo dialysis three times a week unless they receive a kidney transplant. The company operates a network of 2,675 outpatient centers in the United States, serving approximately 200,800 patients, and 367 outpatient centers in 11 other countries, serving around 49,400 patients. Headquartered in Denver and incorporated in Delaware, DaVita holds a 37% share of the U.S. dialysis market and is ranked 341st on the Fortune 500 list ¹.

DaVita’s Response to the Cyberattack

DaVita announced on April 18, 2025, that it is currently investigating and addressing the cybersecurity incident, which has temporarily disrupted certain internal operations. The company has prioritized the continuity of in-patient dialysis care and has activated contingency plans and manual procedures where necessary. DaVita is working with external cybersecurity experts to assist with response, remediation, and recovery efforts.

In a statement, DaVita said:

“On April 12, 2025, DaVita became aware of a ransomware incident affecting and encrypting certain on-premises systems. We activated our incident response protocols and implemented containment measures, including proactively disconnecting parts of the network. External cybersecurity experts are assisting with our response, remediation, and recovery efforts, and we are in the process of rebuilding and restoring encrypted systems and bringing them back online in a secure manner. While the incident has resulted in disruption to our internal operations, we continue to have contingency plans and manual processes in place where needed with a focus on continuity of patient care.” ²

Interlock Ransomware Gang’s Involvement

The Interlock ransomware gang has claimed responsibility for the cyberattack on DaVita. The group claimed to have stolen 1510 GB of sensitive data, which they have started leaking on their data leak site. The leaked data allegedly includes patient records, insurance information, and financial details.

Conclusion

The cyberattack on DaVita highlights the growing threat of ransomware attacks on critical healthcare infrastructure. As DaVita works to restore its systems and ensure the continuity of patient care, the incident serves as a reminder of the importance of robust cybersecurity measures in protecting sensitive data and maintaining operational resilience.

For more details, visit the full article: source

References

1. DaVita (n.d.). “DaVita Inc”. Wikipedia. Retrieved 2025-04-25. ↩︎

2. DaVita (2025, April 18). “DaVita Systems Outage”. DaVita. Retrieved 2025-04-25. ↩︎