DaVita, a US-based kidney dialysis firm operating over 2,600 treatment centers across 12 countries, suffered a ransomware attack on April 12, 2025. The attack encrypted critical systems, disrupting operations and forcing the company to isolate affected networks. While DaVita activated response protocols and restored some functions via contingency plans to maintain patient care, the full scope of the breach—including potential data exfiltration—remains unknown. The incident impacted core operations, with no estimated timeline for full recovery. No ransomware group has claimed responsibility, and the attacker’s identity is still under investigation. Given the nature of the attack and the company’s role in life-sustaining medical services, the disruption poses significant risks to patient treatment continuity, though no direct harm to individuals has been confirmed yet. The company is collaborating with cybersecurity experts and law enforcement to assess and mitigate the damage.
TPRM report: https://www.rankiteo.com/company/davitainternational
"id": "dav4502145092325",
"linkid": "davitainternational",
"type": "Ransomware",
"date": "4/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'industry': 'Healthcare (Kidney Dialysis)',
'location': 'United States (global operations in 12 '
'countries)',
'name': 'DaVita Inc.',
'size': 'Large (2,600+ treatment centers)',
'type': 'Healthcare Provider'}],
'data_breach': {'data_encryption': True},
'date_detected': '2025-04-12',
'date_publicly_disclosed': '2025-04-13',
'description': 'US-based kidney dialysis firm DaVita suffered a ransomware '
'attack over the weekend (April 12, 2025), encrypting several '
'systems connected to its network and impacting operations. '
'The company operates over 2,600 treatment centers in 12 '
'countries. DaVita activated response protocols, isolated '
'impacted systems, and implemented contingency plans to '
'restore certain functions and continue patient care. The '
"attacker's identity, scope of data exfiltration (if any), and "
'full impact remain unknown. Law enforcement was notified, and '
'cybersecurity experts are assisting in the investigation and '
'recovery.',
'impact': {'operational_impact': 'Disruption to operations; certain functions '
'restored via contingency plans',
'systems_affected': 'Multiple systems (encrypted)'},
'investigation_status': 'Ongoing (scope, nature, and potential impact under '
'investigation)',
'ransomware': {'data_encryption': True},
'references': [{'source': 'SEC Form 8-K Filing (DaVita Inc.)'},
{'source': "Cybersecurity News Article (Title: 'Kidney "
"dialysis firm DaVita suffers ransomware attack')"}],
'regulatory_compliance': {'regulatory_notifications': ['SEC Form 8-K filing']},
'response': {'communication_strategy': ['SEC Form 8-K filing',
'Public disclosure'],
'containment_measures': ['Isolation of impacted systems'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['Implementation of contingency plans to '
'restore certain functions'],
'third_party_assistance': True},
'title': 'Ransomware Attack on DaVita',
'type': 'Ransomware Attack'}