DaVita Inc. confirms data breach affects over 100k people after ransomware attack

On March 24, 2025, DaVita Inc. was the victim of a cyberattack that resulted in unauthorized access to certain network servers, primarily at its laboratories. The breach continued undetected until April 12, 2025, when DaVita discovered the incident, blocked the threat actor, and initiated their incident response protocols.

Upon investigation, DaVita determined that the threat actor had accessed and removed sensitive data from its dialysis labs database. The data breach was disclosed to the U.S. Department of Health and Human Services on Aug. 1, 2025, with a reported 2,689,826 individuals compromised.

The exposed information varied by individual but included both personally identifiable information (PII) and protected health information (PHI): names, addresses, dates of birth, Social Security numbers, health insurance policy or ID numbers, driver’s license or government-issued ID numbers, tax identification numbers, financial and banking information, credit or debit card numbers, internal DaVita identifiers, certain clinical information, health conditions, other treatment information, and dialysis lab test results.

In limited cases, images of checks written to DaVita were also compromised.

The scale of the breach was extensive, affecting over two million individuals across multiple states. For example, 81,740 people in Texas, 7,829 in Massachusetts, 11,570 in South Carolina, 761 in Montana and 13,404 in Washington were impacted, according to state attorney general filings.

DaVita publicly disclosed the breach through multiple channels, including notices to state attorneys general, a dedicated incident website, and a filing with the SEC. The company also provided official disclosures to the California Attorney General, Massachusetts Attorney General, South Carolina Attorney General, Texas Attorney General, Montana Attorney General and Washington Attorney General.

DaVita's response

To support affected individuals, DaVita is providing written notification by mail to those with a valid address on file. The notification includes details on the types of information exposed and offers complimentary credit monitoring and identity theft protection services through Experian IdentityWorks. Affected individuals can enroll in these services using a unique activation code provided in their letter. Additionally, DaVita has established a dedicated call center at 833-931-7489, available Monday through Friday from 8 a.m. to 8 p.m. Central Time, to answer questions and provide assistance.

Given the sophistication of the attack and the sensitivity of the data involved, DaVita encourages all potentially affected individuals to remain vigilant by monitoring financial accounts, reviewing credit reports, and reporting any suspicious activity to financial institutions and law enforcement. The company has also enhanced its security monitoring tools and system controls to reduce the risk of future incidents.