DaVita, a global healthcare provider specializing in kidney care, suffered a cyberattack between **March 24 and April 12, 2025**, compromising the **protected personal information of nearly 2.7 million individuals**, including current and former patients. The breach exposed highly sensitive data such as **names, addresses, dates of birth, Social Security numbers, health insurance details, dialysis lab test results, tax identification numbers, and images of checks**. The threat actor later **posted the stolen data on a leak site on April 24**, and DaVita confirmed the authenticity of the leaked dataset on **June 18, 2025**. The incident forced DaVita to **restore impacted systems securely** while collaborating with external cybersecurity experts to mitigate future risks. Affected individuals were notified via mail and offered **complimentary credit monitoring through Experian** to prevent identity theft or financial fraud. The breach highlights severe vulnerabilities in healthcare data security, particularly given the **sensitive medical and financial records** involved, which could lead to long-term reputational damage, regulatory penalties, and patient distrust.
Source: https://www.knoxpages.com/2025/08/25/davita-cyberattack-what-locals-can-do-now-to-stay-safe/
TPRM report: https://www.rankiteo.com/company/davita
"id": "dav750082525",
"linkid": "davita",
"type": "Cyber Attack",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': '2.7 million',
                        'industry': 'healthcare (kidney/dialysis care)',
                        'location': ['global',
                                     'Mount Vernon, Knox County (local '
                                     'facility)'],
                        'name': 'DaVita',
                        'type': 'healthcare provider'}],
 'customer_advisories': ["FAQs published on DaVita's website",
                         'Credit monitoring enrollment instructions (Experian: '
                         '833-931-7489, code B148128)'],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': '2,700,000',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (PII, PHI, financial data)',
                 'type_of_data_compromised': ['name',
                                              'address',
                                              'date of birth',
                                              'Social Security number',
                                              'health insurance information',
                                              'dialysis lab test results',
                                              'tax identification numbers',
                                              'images of checks written to '
                                              'DaVita']},
 'date_detected': '2025-03-24',
 'date_publicly_disclosed': '2025-04-24',
 'date_resolved': '2025-04-12',
 'description': 'A cyberattack on DaVita, a global healthcare provider, '
                'compromised the protected information of nearly 2.7 million '
                'individuals. The breach began on March 24 and was contained '
                'by April 12, 2025. On April 24, the hacker leaked some of the '
                'stolen data on a dark web site. DaVita confirmed on June 18, '
                '2025, that sensitive personal information from its dialysis '
                'labs database was involved, including names, addresses, '
                'Social Security numbers, health insurance details, lab '
                'results, and financial data. Affected patients were notified '
                'via mail and offered complimentary credit monitoring through '
                'Experian.',
 'impact': {'brand_reputation_impact': True,
            'data_compromised': True,
            'identity_theft_risk': True,
            'payment_information_risk': True,
            'systems_affected': True},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'high_value_targets': ['dialysis labs database']},
 'investigation_status': 'Completed (data leak confirmed on 2025-06-18; '
                         'systems restored securely)',
 'post_incident_analysis': {'corrective_actions': ['Collaborated with external '
                                                   'cybersecurity experts',
                                                   'Enhanced information '
                                                   'security measures',
                                                   'Ongoing monitoring and '
                                                   'improvements to system '
                                                   'security']},
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Enroll in complimentary credit monitoring via Experian '
                     '(code: B148128, phone: 833-931-7489)',
                     'Monitor financial accounts and credit reports for '
                     'suspicious activity',
                     "Follow guidance provided in DaVita's notification "
                     'letters'],
 'references': [{'source': 'DaVita Official Website (Incident Disclosure)'},
                {'source': 'Knox County News (Local Coverage)'},
                {'source': 'Knox County Chamber of Commerce (Cybersecurity '
                           'Training Announcement)'}],
 'response': {'communication_strategy': ['public disclosure on website',
                                         'FAQs for patients',
                                         'direct mail notifications'],
              'containment_measures': ['blocked hacker from servers by '
                                       '2025-04-12'],
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'recovery_measures': ['notified affected patients via mail',
                                    'offered complimentary credit monitoring '
                                    '(Experian)'],
              'remediation_measures': ['restored impacted systems securely',
                                       'enhanced long-term information '
                                       'security'],
              'third_party_assistance': True},
 'stakeholder_advisories': ['Letters mailed to affected patients and estates '
                            'of former patients'],
 'title': "DaVita Cyberattack Exposes 2.7 Million Patients' Protected "
          'Information',
 'type': ['data breach', 'cyberattack']}