DaVita submitted an 8-K filing to the U.S. Securities and Exchange Commission (SEC) on April 14, 2025. According to the filing, the kidney dialysis provider suffered a ransomware attack that encrypted portions of its systems. The attack happened on April 12, 2025 and affected a number of its operations.
In 2024, the Fortune 500 company, based in Denver, CO, operated over 2,650 outpatient treatment facilities in the U.S. and 509 facilities in 13 countries, had 76,000 workers around the world, and provided treatment to about 200,000 patients in the U.S. The company documented income of $12.82 billion. Patients with kidney disease visit DaVita outpatient facilities regularly because they require dialysis. Any issues with patient services can consequently have critical health effects for patients.
DaVita said that it quickly started its incident response procedures and isolated the affected systems to contain the attack and limit its effect. It activated backup systems and implemented manual processes so that patient care could continue without interruption. Although the DaVita ransomware attack interrupted operations, all dialysis centers stayed open and continued to give care to patients.
DaVita implemented temporary measures to allow the quick recovery of some functions. However, it gave no estimate of the duration or magnitude of the disruption, and no schedule for complete recovery. Third-party cybersecurity experts are assisting with the investigation and recovery from the attack. Law enforcement has been informed about the attack, yet no ransomware group appears to have claimed responsibility for it.
The breach investigation and response are still ongoing. The complete scope, nature, and probable ultimate effect on the company are still unknown, as per the DaVita 8-K filing. Although a growing number of ransomware groups do not perform encryption, most steal sensitive information and use it to compel a ransom payment. At this early phase of the investigation, DaVita cannot confirm to what degree, if any, sensitive patient information was compromised or stolen. To date, there has been no investigation of a HIPAA violation associated with this incident.