Ransomware actors accessed DaVita's labs database starting March 24 and were removed on April 12. The attack exposed personal and clinical data affecting approximately 2.4 million individuals. Stolen data included names, addresses, dates of birth, Social Security numbers, health insurance details, internal identifiers, dialysis lab test results, health conditions, treatment information, tax identification numbers for some people, and limited images of checks. DaVita operates 2,661 U.S. dialysis centers. The company notified regulators, submitted a Form 8-K to the SEC, informed the Department of Health and Human Services, and began notifying current and former patients while offering complimentary credit monitoring.
...certain demographic information, such as name, address, date of birth, social security number, health insurance-related information, and other identifiers internal to DaVita, as well as certain clinical information, such as health condition, other treatment information, and certain dialysis lab test results. For some individuals, the information included tax identification numbers, and in limited cases images of checks written to DaVita.
Our teams, working with external experts, took swift action to address and recover from a cyber incident earlier this year, Regrettably, we have determined that the threat actor gained unauthorized access to our labs database, which contained some patients' sensitive personal information, As a result, we're notifying current and former patients and providing them with resources, including complimentary credit monitoring, to help safeguard their data.
Collection
[
|
...
]