DaVita, a leading U.S. dialysis provider, experienced a ransomware attack that encrypted parts of its network and disrupted operations.
U.S. dialysis services provider DaVita has confirmed that portions of its network were encrypted and certain operations disrupted following a ransomware intrusion over the weekend of the 11th of April, 2025. The cyberattack, which occurred on Saturday, the 12th of April, 2025, forced the company to activate emergency protocols to maintain care for patients across its facilities.
While DaVita has not disclosed the extent of the intrusion, the company said in a regulatory filing that it swiftly implemented contingency measures, including isolating affected systems, to ensure the continuation of patient services. The incident has been reported to law enforcement, and a formal investigation is already underway.
“We are actively working to assess and remediate the incident with the assistance of third-party cybersecurity professionals and have notified law enforcement of the matter,” DaVita said in its SEC regulatory filing. “We have implemented our contingency plans, and we continue to provide patient care. However, the incident is impacting some of our operations, and while we have implemented interim measures to allow for the restoration of certain functions, we cannot estimate the duration or extent of the disruption at this time.” The company further said, “Given the recency of the incident, our investigation and response are ongoing, and the full scope, nature, and potential ultimate impact on the Company are not yet known.”
A ransomware attack is a cybercrime in which hackers infiltrate a computer network and encrypt its data, essentially locking out users. The attackers typically demand a ransom payment, often in cryptocurrency, in exchange for the decryption key.
For the prevention of ransomware attacks, the U.S. Department of Health and Human Services’ Office for Civil Rights recommends:
The recent ransomware attack on DaVita underscores the cybersecurity challenges faced by the U.S. healthcare sector. The DaVita breach, though managed swiftly to maintain patient care, shows how gaps in training, access control, and data protection can leave even major providers vulnerable. By aligning with HIPAA’s Security Rule and adopting proactive cybersecurity practices, healthcare organizations can better protect sensitive data, ensure care continuity, and reduce the likelihood and impact of future attacks.
Ransomware attacks often begin with phishing emails, compromised credentials, or software vulnerabilities that allow attackers to gain access to a network.
Law enforcement agencies generally advise against paying ransoms, as it does not guarantee data recovery and may encourage further attacks.
Recovery time varies depending on the severity of the attack, the effectiveness of incident response plans, and whether reliable data backups are available.