Kidney dialysis services provider DaVita said it fell victim to a ransomware attack over the weekend that disrupted some of its operations, according to a filing with the Securities and Exchange Commission (SEC).
“On April 12, 2025, DaVita became aware of a ransomware incident that has encrypted certain elements of our network,” the organization told the SEC.
DaVita said it immediately activated response protocols and containment measures, isolating the impacted systems, noting that the incident is impacting some of its operations.
“We are actively working to assess and remediate the incident with the assistance of third-party cybersecurity professionals and have notified law enforcement of the matter,” the company said.
According to the filing, DaVita’s incident response team implemented interim measures to restore certain functions, but could not estimate how long it would take to fully address the disruption.
“Given the recency of the incident, our investigation and response are ongoing, and the full scope, nature, and potential ultimate impact on the company are not yet known,” the company said.
DaVita has not named the ransomware group responsible for the attack, nor did it share details on the attacker’s ransom demands or say whether any data was stolen in the incident.
DaVita provides kidney dialysis services through roughly 3,000 outpatient centers, more than 2,500 of which are in the United States. Approximately 200,000 of DaVita’s 250,000 patients are in the US, where it has a 37% share of the dialysis market.
“We are currently experiencing a cyber incident that has impacted certain systems in our network. We have activated backup systems and manual processes to ensure there’s no disruption to patient care. Our teams, along with external cybersecurity experts, are actively investigating this matter and working to restore systems as quickly as possible,” DaVita said, responding to a SecurityWeek inquiry.
*Updated with statement from DaVita.
Related: Operations of Sensor Giant Sensata Disrupted by Ransomware Attack
Related: Port of Seattle Says 90,000 People Impacted by Ransomware Attack
Related: Hunters International Ransomware Gang Rebranding, Shifting Focus
Related: Legacy Medical Devices Remain Easy Targets for Ransomware
