Cyber Incident Update
Last Updated: August 1, 2025
On April 12, 2025, we discovered that DaVita experienced a cyber incident that resulted in unauthorized access to certain DaVita network servers. Upon discovery, we initiated our incident response protocols and were able to eradicate the unauthorized party from our systems. We also engaged third-party forensic experts to conduct a review of the impacted servers, and to assist with containment, eradication of the threat actor, and remediation. We have also reported the incident to law enforcement and continue to cooperate with them in their investigation.
Throughout our response to this matter, patient care delivery has continued. At this time, all major network servers and systems that were impacted have been restored in a secure manner.
Through an extensive investigation, we understand that the cyber incident started on March 24, 2025, and continued until the threat actor was blocked from our servers on April 12, 2025. On April 24, 2025, the threat actor posted on its leak site data it claimed to have taken from DaVita. DaVita worked diligently to determine what information was involved, and on or about June 18, 2025, we were able to obtain the set of data the threat actor posted and determine that sensitive personal information from our dialysis labs database was involved. The information involved varied by individual and may have included certain demographic information, such as name, address, date of birth, social security number, health insurance-related information, and other identifiers internal to DaVita, as well as certain clinical information, such as health condition, other treatment information, and certain dialysis lab test results. For some individuals, the information included tax identification numbers, and in limited cases images of checks written to DaVita.
Patients, and/or the estates of former patients, whose information was potentially involved and have a valid mailing address on file will receive a notification letter in the mail. For living patients and former patients, the letters will describe how they may enroll in complimentary credit monitoring and identity theft protection. Although we currently have no evidence that information has been subject to fraud, it is advisable for individuals to remain vigilant and to regularly review financial accounts and immediately report to their financial institutions and law enforcement as appropriate any suspicious or unrecognized activity. As the sophistication of cyber incidents increases, we remain vigilant, continue to work with authorities and external experts, and enhance both education of our workforce and data security protocols to adapt to this increased sophistication.
If you have questions about this incident, a dedicated call center can be reached at 833-931-7489 toll-free Monday through Friday from 8 am to 8 pm Central Time (excluding major U.S. holidays). Please be prepared to provide this engagement code: B148128.
Frequently Asked Questions
1. What happened?
On April 12, 2025, DaVita discovered that it experienced a cyber incident that resulted in unauthorized access to certain DaVita network servers. Upon discovery, we initiated our incident response protocols and were able to eradicate the unauthorized party from our systems. We also engaged third-party forensic experts to conduct a review of the impacted servers, and to assist with containment, eradication of the threat actor, and remediation.
2. Is the network safe again?
All impacted systems have been restored in a secure manner, with a focus on our long-term information security.
3. Why did I receive a letter? I have not been treated at DaVita.
Your information may have been maintained by DaVita’s subsidiary, DaVita Labs, which processes lab results for other healthcare providers, practices, and other entities.
1. What immediate steps did you take in response to the incident?
Upon confirmation of the incident, we initiated our incident response protocols and, through our legal counsel, engaged third-party forensic experts to conduct a comprehensive review of the impacted network servers, and assist with containment, eradication of the threat actor, and remediation. We also notified federal law enforcement and continue to cooperate fully with law enforcement as their investigation continues.
2. How are you preventing future incidents?
We have worked closely with external cybersecurity experts with a focus on further enhancing our information security. We will continue to monitor the information security of our systems and make improvements and enhancements where appropriate.
1. How do I know if my information was affected?
If it was determined that your information was likely involved and if we have a valid mailing address for you, you will receive a letter in the mail containing additional information on the incident, the information involved, and steps you can take. You can also contact a toll-free call center dedicated to answer questions about this incident at 833-931-7489. It is available Monday through Friday from 8 am to 8 pm Central Time, excluding major U.S. holidays. Callers should be prepared to provide this engagement code: B148128.
2. What types of personal information were involved?
We have conducted an extensive investigation and review of impacted data files to determine what information was involved. The data involved included information from our dialysis labs database. The involved information varied by individual, and may have included certain demographic information, such as name, address, date of birth, social security number, health insurance-related information, and other identifiers internal to DaVita, as well as certain clinical information, such as health condition, other treatment information, and certain dialysis lab test results. For some individuals, the information included tax identification numbers and, in limited cases, images of personal checks written to DaVita.