DaVita Inc. Interlock Ransomware Attack

📅 2025-03-24 🦠 Interlock ransomware

Incident Details

DaVita Inc., one of the largest kidney dialysis providers in the US, disclosed a ransomware attack on April 12, 2025. Intrusion began March 24, 2025 and was eradicated April 12. Interlock ransomware group claimed responsibility, alleging theft of 20+ TB of data containing 200+ million rows of patient data. Official breach report confirmed 2,689,826 individuals affected; data included names, addresses, SSNs, dates of birth, and dialysis lab results. Attackers used Rclone to exfiltrate data via encrypted channels. DaVita disclosed via SEC 8-K under Item 1.05 (material cybersecurity incident). Multiple class action lawsuits filed.

Technical Details

Initial Attack Vector: Spear phishing emails targeting employees, followed by exploitation of vulnerabilities on a third-party internet-facing file transfer platform
Malware Family: Interlock ransomware

Timeline

2025-03-24 Breach occurred
2025-04-12 Publicly disclosed
2025-06-01 Customers notified