Ransomware strikes again—this time targeting DaVita, one of the leading dialysis service providers in the United States. The company confirmed that a ransomware attack compromised part of its network and impacted 2.7 million individuals, according to the U.S. Department of Health portal.
The incident was detected on August 8, 2025, when attackers managed to encrypt critical parts of DaVita’s systems. As is common in these scenarios, the company was forced to shut down access, notify authorities, and bring in external experts to investigate and strengthen its cybersecurity posture.
Although DaVita had previously disclosed in April that it was facing an attack, the full scope was not yet clear. Now we know the impact was substantial.
DaVita provides dialysis treatment through nearly 3,000 outpatient clinics and home services. Despite the attack, the company assured that critical patient care continued uninterrupted, though there were temporary disruptions to internal operations.
More concerning is that attackers gained unauthorized access to the laboratory database, which contained personal and sensitive patient information. DaVita is currently notifying affected individuals—both current and former patients—and offering free credit monitoring services to help mitigate fraud risks.
In Q2 2025, DaVita reported that the incident resulted in approximately $13.5 million in expenses. Of that amount, $1 million went toward increased patient care costs, and $12.5 million toward system recovery and remediation supported by external specialists.
Additionally, the Qilin ransomware group claimed responsibility for the attack, alleging it had stolen 162,000 files (around 176 GB of data). They even published samples on their leak site, though the authenticity of the data has yet to be publicly confirmed.
At TecnetOne, we often emphasize that ransomware is not just a technical issue:
The DaVita case confirms that no sector is immune to ransomware—not even one as critical as healthcare. To protect your business, you need a comprehensive strategy: prevention, continuous monitoring, incident response plans, and ongoing training.
At TecnetOne, we can help you build that defense and respond quickly and effectively in the event of a cyberattack. In a world where threats grow more sophisticated every day, the key difference lies in how prepared you are when the inevitable happens.