A big ransomware attack has hit DaVita. The company is one of the largest dialysis service providers in the United States. An update on the U.S. health department’s website shows the attack affected about 2.7 million people.

Hackers breach DaVita network

DaVita first said in April that it had faced a cyberattack. The company said it was working to fix its systems. It also said it would keep providing care for patients. The attack locked parts of DaVita’s computer network. This caused a short disruption in operations.

The company runs nearly 3,000 dialysis clinics. It also provides care at home. Dialysis is a treatment that cleans the blood when the kidneys do not work. Many patients need dialysis to stay alive. The attack raised concerns about whether this critical care would be affected.

DaVita has confirmed that, despite the disruption, its medical teams were able to continue treatments without interruptions. However, the attack had a major impact on the company’s data systems.

Sensitive patient information exposed

DaVita stated that the hackers gained unauthorized access to a lab database containing sensitive information of both current and former patients. The compromised database included personal details, although the company has not publicly listed the exact type of information accessed.

DaVita has started telling affected people about the breach. It is also giving them free credit monitoring. This is to help patients protect their personal data. It can also reduce the risk of identity theft or fraud from the stolen information.

The health department’s update has put the number of affected people at 2.7 million, making this incident one of the largest healthcare data breaches in recent years.

Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?

The attack is part of a wider trend where hospitals, clinics, and healthcare providers are increasingly targeted by cybercriminals. Such attacks are particularly dangerous because they involve sensitive patient data and can affect life-saving treatments.

DaVita emphasized that while the data breach is serious, the delivery of dialysis treatments remained uninterrupted. Its clinical teams continued their work even as IT professionals and outside experts worked to repair the damage.

Financial toll of the cyberattack

The ransomware attack cost DaVita a lot of money. In the second quarter of 2025, the company spent about $13.5 million to handle the breach.

This included about $1 million for extra patient care. It also added $12.5 million in other expenses. DaVita used most of this money to improve cybersecurity. It also worked on restoring systems. The company hired outside experts to investigate and secure the network.

U.S. government takes $2.8 million in cryptocurrency from alleged ransomware operator

Ransomware attacks usually happen when hackers lock files or systems. They then ask for money to unlock them. DaVita has not said if it paid any ransom. The company said it worked with outside experts to restore its systems.

The breach has put millions of patients in a risky position. Their sensitive data may now be exposed. DaVita has taken steps to help the affected people. But the size of the attack shows how much cyber incidents can harm healthcare companies and patients.