Ransomware Attack Hits DaVita, Disrupts Operations at Denver-Based Dialysis Firm

Kidney care provider DaVita Inc. disclosed it was targeted by a ransomware attack on April 12, 2025, that encrypted parts of its network and disrupted some operational systems. The company, headquartered in Denver, Colorado, said in a regulatory SEC filing that the attack prompted the activation of incident response protocols, including system isolation and containment efforts. While the full extent of the breach remains under investigation, DaVita confirmed that patient care continues at its more than 2,600 outpatient dialysis centers, supported by interim measures. Law enforcement has been notified, and third-party cybersecurity experts have been brought in to assist.

As of Monday, no ransomware group has claimed responsibility for the attack, and the potential theft of patient data—commonly used for extortion—has not been confirmed. The company stated that it cannot yet estimate the duration or scope of the disruption. DaVita serves over 281,000 patients worldwide and employs approximately 76,000 people. The attack adds to a growing wave of cyber incidents targeting the U.S. healthcare sector, which has become an increasingly common target for ransomware groups due to the critical nature of its services and sensitive data.