The group of Interlock ransomware initiated a release of data reportedly pilfered from prominent kidney dialysis firm DaVita

AndyC 25 April 2025

The hacking team Interlock ransomware has commenced the exposure of data supposedly taken from the prominent kidney dialysis corporation DaVita

Interlock ransomware gang started leaking data allegedly stolen from leading kidney dialysis firm DaVita

The hacking team Interlock ransomware has commenced the exposure of data supposedly taken from the prominent kidney dialysis corporation DaVita

Pierluigi Paganini
April 25, 2025

Taking credit for breaching the security of top kidney dialysis company DaVita, the Interlock ransomware gang disclosed purportedly taken data.

DaVita Inc. provides kidney dialysis services through a network of 2,675 outpatient centers in the United States, catering to 200,800 patients, with an additional 367 outpatient centers in 11 other countries, serving 49,400 patients. DaVita is specialized in managing end-stage renal disease (ESRD), necessitating patients to undergo dialysis three times a week unless they receive a kidney transplant. The corporation commands a 37% share of the U.S. dialysis market and is headquartered in Denver despite its incorporation being in Delaware.

The enterprise is positioned at 341st on the Fortune 500 list.

On April 18, 2025, the corporation unveiled that it is actively investigating and dealing with a recent cybersecurity issue that has temporarily disrupted specific internal operations.

Focused on ensuring uninterrupted in-patient dialysis treatment post the cyber breach, DaVita has activated backup plans and manual processes where essential and is in the process of securely restoring impacted systems.

“On April 12, 2025, DaVita was made aware of a ransomware incident that impacted and encrypted certain on-premises systems. We initiated our incident response strategies and executed containment measures, including pre-emptively disconnecting segments of the network.

External cybersecurity specialists are engaged in supporting our response, rectification, and recovery endeavors, and we are currently reconstructing and reinstating encrypted systems while ensuring secure online restoration.” the firm stated. “Although the incident led to a disruption in our internal operations, we are equipped with backup plans and manual processes as required, with a focus on ensuring seamless patient care continuity.”

The Interlock ransomware gang has claimed responsibility for the cyber onslaught on DaVita.

DaVita

The organization proclaimed the seizure of 1510 GB of classified data, which included patient records, insurance details, and financial data. Interlock unveiled DaVita’s alleged stolen documents on their data leak platform.

Follow my updates on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, DaVita)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , , , , , , ,

More Stories

Smashing Security podcast #448: The Kindle that got pwned

Smashing Security podcast #448: The Kindle that got pwned

AndyC 18 December 2025
SonicWall warns of actively exploited flaw in SMA 100 AMC

SonicWall warns of actively exploited flaw in SMA 100 AMC

AndyC 18 December 2025
Securing the Road Ahead: The Intersection of Cybersecurity and Intelligent Transportation

Securing the Road Ahead: The Intersection of Cybersecurity and Intelligent Transportation

AndyC 18 December 2025
Memory efficiency: Apple’s new competitive advantage

GNV ferry fantastic under cyberattack probe amid remote hijack fears

AndyC 18 December 2025
Askul data breach exposed over 700,000 records after ransomware attack

Askul data breach exposed over 700,000 records after ransomware attack

AndyC 18 December 2025
Russian state hackers targeted Western critical infrastructure for years, Amazon says

Russian state hackers targeted Western critical infrastructure for years, Amazon says

AndyC 18 December 2025

You may have missed

Hospital Ransomware Really is The Pitt

How CISOs Can Beat the Ransomware Blame Game 

AndyC 18 December 2025
Using AI to automatically cancel customers? Not a smart move

2026 Cyber Predictions: Accelerating AI, Data Sovereignty, and Architecture Rationalization 

AndyC 18 December 2025
Smashing Security podcast #448: The Kindle that got pwned

Smashing Security podcast #448: The Kindle that got pwned

AndyC 18 December 2025
What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek

Private Certificate Authority 101: From Setup to Management

AndyC 18 December 2025
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

AndyC 18 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.