DaVita experienced a significant data breach affecting over 900,000 individuals, potentially exposing Social Security Numbers and personal health information. The incident marks one of the largest ransomware data breaches this year, ranking as the seventh largest overall. Interlock, the ransomware group responsible, has a history of targeting healthcare providers and has claimed to have stolen over 79.2 TB of data from various victims. This event underscores the vulnerability of healthcare systems to cyberattacks and the increasing scale of ransomware threats.
Rebecca Moody, Head of Data Research at Comparitech: "This attack on DaVita is one of the largest data breaches via ransomware this year so far. It's the seventh largest overall, the third largest in the U.S., and the third largest on a healthcare provider. This highlights the far-reaching consequences these attacks have, particularly as ransomware gangs remain increasingly focused on stealing vast quantities of data."
Interlock, in particular, is notorious for its data theft claims. Across its 54 victims, it alleges to have stolen over 79.2 TB of data, with an average of nearly 1.5 TB per victim. This is higher than most other groups (in July 2025, for example, the average known data theft across all attacks by all groups was just over 475 GB).
This incident with DaVita is a sobering illustration of how ransomware campaigns continue to target healthcare's most critical third-party providers. Operating more than 2,600 dialysis clinics nationwide, DaVita serves over 200,000 patients.
In April they suffered a ransomware attack, later claimed by the Interlock ransomware gang, which reportedly exfiltrated and leaked terabytes of patient data including sensitive personal health information.
Collection
[
|
...
]