Ransomware gang Interlock claims attack on kidney dialysis company DaVita – 1.5 TB of data stolen

Today, ransomware gang Interlock added kidney dialysis firm DaVita to its data leak site. It claims to have stolen 1.5 TB of data, which includes 683,104 files and 75,836 folders.

On April 14, DaVita reported that it had suffered a ransomware attack on April 12, and this was “affecting and encrypting certain on-premises systems.” The attack continues to disrupt internal operations with DaVita having no “timeline for full restoration.” Patient care at its centers and patients’ homes continues, however.

Comparitech contacted DaVita about Interlock’s claims and was provided with the following statement:

“We are disappointed in these actions against the healthcare community. We are aware that a cybercriminal is claiming responsibility for the recent cyber incident we experienced and has posted data allegedly associated with DaVita to a site they maintain on the dark web. Our investigation into the full scope of this incident remains ongoing with external cybersecurity experts, and we continue to coordinate with the FBI.

“We are in the process of validating the cybercriminal’s claims and are conducting a thorough review of the data potentially involved. Based on the findings of the investigation and validation of the data, we will notify relevant parties and individuals in accordance with applicable law and regulations.”

DaVita ransomware claim from Interlock

Who is Interlock?

Interlock first began adding victims to its data leak site in October 2024. As with most ransomware gangs today, it seeks a ransom payment for the decryption of systems and the deletion of stolen data.

Since October 2024, we’ve tracked 13 confirmed attacks by this group and a further 13 unconfirmed attacks that haven’t been acknowledged by the organizations in question. Interlock was also responsible for attacks on Texas Tech University Health Sciences Center (TTUHSC) in September 2024, which saw the breach of nearly 1.5 million records, and Brockton Neighborhood Health Center (BNHC) in November 2024, which affected nearly 97,500 people.

This year, it has been confirmed as the group behind six attacks on US organizations. This also includes:

We are also monitoring six unconfirmed attacks from this year so far.

Ransomware attacks on US healthcare companies

2025 has already seen 17 confirmed attacks on US healthcare companies, as well as a further 80 unconfirmed.

Other recently confirmed attacks include Alabama Ophthalmology Associates, in which 131,576 had their data breached following an attack via BianLian in January 2025. Mental health service provider Horizon Behavioral Health also began notifying people of a breach this week following an attack by as-yet-unknown hackers in March 2025.

As we are seeing with DaVita, ransomware attacks on healthcare companies have the potential for widespread disruption. Not only can patient care be affected when systems are encrypted, but these attacks often have ongoing consequences when data is stolen by hackers. In 2024 alone, nearly 25.7 million individual records were breached across 160 ransomware attacks on US healthcare providers.

About DaVita

DaVita treats around 200,000 dialysis patients across the US and 13 other countries. 55,000 of its patients are located in the US. Its headquarters are located in Denver, Colorado.

