Ransomware Attack at DaVita Impacted 2.7 Million People, US Health Dept Website Shows

A ransomware attack that encrypted certain elements of dialysis firm DaVita’s network impacted 2.7 million people, the U.S. health department’s website showed on Thursday.

The firm had disclosed in April that it was hit by a cyberattack. At the time, it said it would continue to provide patient care as it took measures to restore certain functions, but it could not “estimate the duration or extent of the disruption.”

DaVita provides dialysis, a treatment which mechanically cleans a patient’s blood when their kidneys are not functioning properly, through its network of nearly 3,000 outpatient clinics and at-home services.

DaVita confirmed in a statement that the threat actor gained unauthorized access to its labs database, which contained some patients’ sensitive personal information.

“We’re notifying current and former patients and providing them with resources, including complimentary credit monitoring, to help safeguard their data,” the company said on Thursday.

Related: Hack at Allianz Life Impacts 1.1 Million Customers

Despite the attack, DaVita said its teams maintained uninterrupted delivery of critical care.

The cybersecurity incident had resulted in a temporary disruption of the company’s operations.

During the second quarter of 2025, the company incurred charges of about $13.5 million, which increased its patient care costs by $1 million and its general and administrative expenses by $12.5 million to remediate the cybersecurity incident and restore systems with the assistance of third-party professionals.

(Reporting by Sriparna Roy in Bengaluru; additional reporting by Bipasha Dey in Bengaluru. Editing by Mohammed Safi Shamsi and Alan Barona)