Ransomware cyber

DaVita Healthcare

May 31, 2025 1 min read
DaVita Healthcare

Interlock ransomware group targeted DaVita Healthcare, a major healthcare provider specializing in kidney dialysis treatment. In April 2025, the group stole a staggering 20 terabytes (TB) of sensitive patient data. This attack highlights a significant shift in targets for the Interlock ransomware group, which is known for its double-extortion tactics. The theft of such a large amount of sensitive data raises concerns about the security of healthcare information and the potential for further attacks on critical sectors.

Source: https://hackread.com/interlock-ransomware-new-nodesnake-rat-in-uk-attacks/

TPRM report: https://scoringcyber.rankiteo.com/company/davita

"id": "dav747053125",
"linkid": "davita",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': ['Education', 'Healthcare'],
                        'location': ['UK', 'North America'],
                        'name': ['Two universities in the UK',
                                 'DaVita Healthcare'],
                        'type': ['Education', 'Healthcare']}],
 'attack_vector': 'Remote Access Trojan (RAT)',
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'number_of_records_exposed': '20 TB',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Intellectual property',
                                              'Research data',
                                              'Sensitive patient data']},
 'description': 'Quorum Cyber discovered two new versions of NodeSnake RAT '
                'linked to the Interlock ransomware group, indicating a shift '
                'in targets to universities and local government bodies.',
 'impact': {'data_compromised': ['Intellectual property', 'Research data'],
            'systems_affected': ['Linux', 'Windows']},
 'initial_access_broker': {'high_value_targets': ['Universities',
                                                  'Healthcare providers']},
 'lessons_learned': 'Increased targeting of universities for intellectual '
                    'property theft and potential testing of new tactics.',
 'motivation': ['Espionage', 'Double-extortion'],
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': 'Interlock'},
 'recommendations': "Quorum Cyber's NodeSnake report provides detailed "
                    'technical analysis and recommendations to mitigate the '
                    'impact of the malware.',
 'references': [{'source': 'Hackread.com'}],
 'threat_actor': 'Interlock ransomware group',
 'title': 'Interlock Ransomware Group Targets Universities with NodeSnake RAT',
 'type': 'Malware (RAT)'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.