DaVita Incident Update
Last Updated: May 27, 2025
We continue working diligently to address the recent cybersecurity incident. Importantly, throughout our response to this matter, care delivery has continued and we continue to accept patients. At this time, all major systems have been rebuilt and restored in a secure manner. We are in the process of conducting a thorough review of the data involved in this incident and we will notify any affected parties and individuals, as appropriate.
Frequently Asked Questions (FAQs)
1. What happened?
On April 12, 2025, DaVita became aware of a ransomware incident that affected and encrypted certain on-premises systems. We activated our incident response protocols and implemented containment measures, including proactively disconnecting parts of the network.
External cybersecurity experts are assisting with our response, remediation and recovery efforts. At this time, all affected systems have been rebuilt and restored in a secure manner. While the incident resulted in temporary disruption to our internal operations, our centers remained open and patients continued to receive care.
2. What had DaVita done to address this incident?
Among other precautions, DaVita has taken the following steps:
- Care Continuity: Our centers have remained open and patients continue to receive care.
- Containment and Remediation: We activated our incident response protocols and implemented containment measures, including proactively disconnecting parts of the network. We also engaged cybersecurity experts Palo Alto’s Unit 42, Mandiant and CYPFER to assist with response, remediation and recovery efforts.
- Recovery and Restoration: At this time, all major systems have been rebuilt and restored in a secure manner.
3. Is patient care disrupted?
Care delivery at our centers and for patients treated at home continues, and we continue to accept new patients.
4. Is DaVita accepting new patients?
Yes, DaVita is accepting new patients as normal.
- If you have any questions on admissions, contact DaVita at 888-920-6577
5. What data was compromised?
We are in the process of conducting a thorough review of the data involved in this incident. We are working as quickly as possible and will notify any affected parties and individuals, as appropriate.
6. I heard that data was posted on the dark web. Is that true?
We are aware of the post on the dark web and are in the process of conducting a thorough review of the data involved. We are working as quickly as possible and will notify any affected parties and individuals, as appropriate.
7. When will you be fully operational?
At this time, all major systems have been rebuilt and restored in a secure manner. Care delivery has continued throughout our center locations.
8. Is law enforcement aware of the incident?
Yes. We are cooperating and coordinating with law enforcement.
9. Have regulators been notified of the incident?
Yes. DaVita has notified Centers for Medicare & Medicaid Services, filed an 8-K report with the U.S. Securities and Exchange Commission and is also working with other government authorities, including the Federal Bureau of Investigation on this matter.