Redazione RHC : 24 August 2025 14:14
DaVita, an American company that operates a network of over 2,600 hemodialysis centers in the United States, reported a serious loss of patient personal data following a ransomware attack. According to updated data, the incident affected approximately 2.4 million people, although the initial notification to the U.S. Department of Health and Human Services indicated a figure of 2.7 million.
According to official information, the breach occurred on March 24 and lasted until April 12, 2025. That day, the attackers were forced to leave the company’s infrastructure, and it was then that DaVita filed a notification with the Securities and Exchange Commission (SEC) of the United States, indicating that part of the network resources were encrypted. The investigation confirmed that the criminals gained access to the lab’s database, from which they stole a wide range of confidential information.
The stolen data included names, addresses, dates of birth, Social Security numbers, health insurance information, and internal company identifiers. Clinical data, including diagnoses, treatment information, and lab test results for hemodialysis patients, was also stolen. For some victims, the data leak included phone numbers and, in some cases, images of checks made out to DaVita.
Sponsorizza la prossima Red Hot Cyber Conference!Il giorno Lunedì 18 maggio e martedì 19 maggio 2026 9 maggio 2026, presso il teatro Italia di Roma (a due passi dalla stazione termini e dalla metro B di Piazza Bologna), si terrà la V edizione della la RHC Conference. Si tratta dell’appuntamento annuale gratuito, creato dalla community di RHC, per far accrescere l’interesse verso le tecnologie digitali, l’innovazione digitale e la consapevolezza del rischio informatico. Se sei interessato a sponsorizzare l'evento e a rendere la tua azienda protagonista del più grande evento della Cybersecurity Italiana, non perdere questa opportunità. E ricorda che assieme alla sponsorizzazione della conferenza, incluso nel prezzo, avrai un pacchetto di Branding sul sito di Red Hot Cyber composto da Banner più un numero di articoli che saranno ospitati all'interno del nostro portale. Quindi cosa stai aspettando? Scrivici subito a [email protected] per maggiori informazioni e per accedere al programma sponsor e al media Kit di Red Hot Cyber. 
Se ti piacciono le novità e gli articoli riportati su di Red Hot Cyber, iscriviti immediatamente alla newsletter settimanale per non perdere nessun articolo. La newsletter generalmente viene inviata ai nostri lettori ad inizio settimana, indicativamente di lunedì. |
The company stated that patient care was not interrupted and that medical care was being provided as usual. However, all affected individuals were notified of the incident and received free credit history monitoring and other fraud protection tools. “We deeply regret this incident. Our specialists, along with external teams, took timely measures to restore systems and protect data,” DaVita said in a statement.
Although the company has not officially confirmed who was behind the attack, the Interlock group has previously claimed involvement and added DaVita to the list of victims on its resource for publishing stolen data.
According to researchers, Interlock has been active since September 2024 and has already carried out more than twenty confirmed attacks, including against healthcare organizations in the United States and Europe. This summer, they targeted Kettering Health, where an attack led to the interruption of chemotherapy and the cancellation of surgeries. In July, Interlock paralyzed the city of St. Paul, Minnesota, forcing the governor to declare a state of emergency and call in the National Guard.
U.S. federal agencies, including the FBI, HHS, CISA, and MS-ISAC, previously issued a joint advisory warning that Interlock’s perpetrators are acting for financial gain and using tactics that not only disable systems but also paralyze critical services. Considering the healthcare sector, the consequences of such attacks directly threaten human life and health.
DaVita emphasized that it intends to use the experience of this incident to strengthen its defenses and share the findings with colleagues in the medical sector. At the same time, the investigation is ongoing, and affected users are awaiting updates based on the analysis of the stolen data.
Redazione