DaVita, a US-based kidney dialysis firm operating over 2,600 treatment centers across 12 countries, suffered a ransomware attack on April 12, 2025. The attack encrypted critical systems, disrupting operations and forcing the company to isolate affected networks. While DaVita activated response protocols and restored some functions via contingency plans to maintain patient care, the full scope of the breach—including potential data exfiltration—remains unknown. The incident impacted core operations, with no estimated timeline for full recovery. Law enforcement and cybersecurity experts are assisting in the investigation, but no ransomware group has claimed responsibility. Given the nature of the attack, there is a high risk of sensitive patient or employee data being compromised, though no confirmation has been made public. The disruption to dialysis services, a life-sustaining treatment, raises concerns about patient safety and operational continuity.
TPRM report: https://www.rankiteo.com/company/davita
"id": "dav3392033101125",
"linkid": "davita",
"type": "Ransomware",
"date": "4/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'industry': 'Healthcare (Kidney Dialysis)',
'location': 'United States (global operations in 12 '
'countries)',
'name': 'DaVita Inc.',
'size': 'Large (2,600+ treatment centers)',
'type': 'Healthcare Provider'}],
'data_breach': {'data_encryption': True},
'date_detected': '2025-04-12',
'date_publicly_disclosed': '2025-04-13',
'description': 'US-based kidney dialysis firm DaVita suffered a ransomware '
'attack over the weekend (April 12, 2025), encrypting several '
'systems connected to its network and impacting operations. '
'The company operates over 2,600 treatment centers in 12 '
'countries. DaVita activated response protocols, isolated '
'impacted systems, and restored certain functions via '
"contingency plans to continue patient care. The attacker's "
'identity and scope of data exfiltration remain unknown. Law '
'enforcement was notified, and cybersecurity experts are '
'assisting in the investigation.',
'impact': {'operational_impact': 'Partial disruption of operations; certain '
'functions restored via contingency plans',
'systems_affected': ['Network-connected systems (encrypted)']},
'investigation_status': 'Ongoing (scope, nature, and potential impact under '
'assessment)',
'ransomware': {'data_encryption': True},
'references': [{'date_accessed': '2025-04-13',
'source': 'SEC Form 8-K Filing (DaVita Inc.)'}],
'regulatory_compliance': {'regulatory_notifications': ['SEC Form 8-K filing']},
'response': {'communication_strategy': ['SEC Form 8-K filing',
'Public disclosure'],
'containment_measures': ['Isolation of impacted systems'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['Implementation of contingency plans to '
'restore certain functions'],
'third_party_assistance': ['Cybersecurity experts']},
'title': 'Ransomware Attack on DaVita',
'type': 'Ransomware Attack'}