DaVita kidney care clinics hit by ransomware attack

Chad Van Alstin | | Health Exec | Cybersecurity
Ransomware Cyberattack Data Breach

Source

iStock

A chain of kidney dialysis centers was hit by a ransomware attack that impacted operations and took part of its systems offline.

DaVita said in a Monday filing with the Securities and Exchange Commission (SEC) that it discovered the breach of its network on April 12, and in response, deployed “containment measures, including proactively isolating impacted systems.”

The kidney care provider said that, while some operations have been disrupted, it is still providing care to patients. It did not disclose a timeline for when its centers would once again be fully operational, adding that it “cannot estimate the duration or extent of the disruption at this time.”

However, DaVita did confirm to the SEC that the attack “encrypted certain elements” of its network. Specifics on whether there was an associated ransomware demand—as well as details on how cybercriminals were able to gain access—were not revealed.

DaVita operates more than 2,600 outpatient dialysis centers nationwide. Whether the ransomware attack impacted some or all of them is still unknown, as an investigation is presumably ongoing. 

As of press time on Tuesday, the company has yet to release a public statement about the data breach, and nothing has been posted on its website. However, in comments to media outlets, a spokesperson said “teams, along with external cybersecurity experts, are actively investigating this matter and working to restore systems as quickly as possible.”

DaVita is a publicly traded company. However, news of the hack appears to have minimally impacted its stock price.

HealthExec reached out to DaVita for more details, including if a ransom demand stemmed from the attack and if patient data was moved offsite. The company sent the following statement:

"We are currently experiencing a cyber incident that has impacted certain systems in our network. We have activated backup systems and manual processes to ensure there's no disruption to patient care. Our teams, along with external cybersecurity experts, are actively investigating this matter and working to restore systems as quickly as possible."

More Cybersecurity News:

UnitedHealth garnishing claims to recoup ‘loans’ from Change Healthcare hack
Oracle Health denies cloud breached as second attack confirmed
Change Healthcare files to have federal lawsuits dismissed
ChatGPT exploit could cause data breaches in healthcare, experts warn
HHS releases DDoS attack response plan
Chad Van Alstin Health Imaging Health Exec
Chad Van Alstin

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Related Content

Hospitals, Epic sued after clinician allegedly accesses nude photos of 400+ patients
UnitedHealth garnishing claims to recoup ‘loans’ from Change Healthcare hack
UMMC sued after pharmacist allegedly hacked computers to spy on women
Oracle Health denies cloud breached as second attack confirmed
Data breach at Oracle Health leads to extortion of hospitals
Change Healthcare files to have federal lawsuits dismissed

Around the web

Cardiovascular Business
Reimbursements, non-compete clauses and more: SCAI focused on key policies in interventional cardiology

SCAI President James B. Hermiller, Jr., MD, detailed the group's key policy concerns in 2025 and beyond in a new video interview. 

Radiology Business
States may be a better bet for radiology advocacy than Washington

RBMA board member Kit Crancer offers an update on Medicare reform and advocacy in Congress and how medical societies may be able to get more traction in state legislatures.
 

Cardiovascular Business
Cardiologist compensation drops 4%—still higher than most other healthcare specialties

Cardiology still ranks No. 4 overall, trailing just orthopedics, radiology and plastic surgery.