U.S. dialysis provider DaVita has confirmed that a ransomware attack compromised sensitive data of nearly 2.7 million individuals, according to information posted on the U.S. Department of Health and Human Services’ breach portal. The incident, which encrypted parts of the company’s network, has now been attributed to unauthorized access to its labs database, exposing patient information.
The attack, first disclosed in April, temporarily disrupted some of DaVita’s operations. At the time, the company stated it was unable to “estimate the duration or extent of the disruption,” though it assured that patient treatments would continue without interruption. DaVita operates nearly 3,000 outpatient dialysis centers across the United States in addition to providing home-based care.
In a statement issued on Thursday, the company acknowledged that the intruders accessed sensitive data tied to current and former patients. “We’re notifying current and former patients and providing them with resources, including complimentary credit monitoring, to help safeguard their data,” DaVita said. Despite the severity of the incident, the company emphasized that its teams successfully maintained uninterrupted delivery of life-sustaining dialysis care.
The cyberattack, however, came at a significant financial cost. During the second quarter of 2025, DaVita reported charges totaling $13.5 million directly linked to remediation efforts. These expenses included an additional $1 million in patient care costs and $12.5 million in higher administrative expenses as the company engaged third-party cybersecurity professionals to restore systems and strengthen defenses.
While DaVita continues to investigate the full scope of the breach, the incident highlights the growing risks healthcare providers face from cybercriminals. Dialysis patients, many of whom depend on regular treatments multiple times a week, require uninterrupted access to services, making healthcare infrastructure a high-value target for ransomware groups.
DaVita has stressed that patient safety and continuity of care remain its highest priorities. The company is working with law enforcement and cybersecurity experts to address vulnerabilities, restore impacted functions, and reinforce its IT infrastructure against future threats.
