On April 14, Denver-based kidney dialysis provider DaVita disclosed that it had fallen victim to a ransomware attack. The company stated that it first noticed the breach on April 12.
“Upon discovery, we activated our response protocols and implemented containment measures, including proactively isolating impacted systems. We are actively working to assess and remediate the incident with the assistance of third-party cybersecurity professionals and have notified law enforcement of the matter,” DaVita noted in its regulatory filing.
Reuters’ Bhanvi Satija reported on Monday that a U.S. unit of DaVita’s rival Fresenius Medical Care was attacked in 2023, during which data, including medical records on 500,000 patients, was stolen.
“Ransomware attacks such as this against healthcare facilities can cause significant issues for current and past patients. While the release does not currently mention a theft of data, it is extremely common for that to occur alongside the encryption component. This means patients should keep an eye open for future notifications from DaVita related to their data being breached or for unusual credit transactions being attempted,” Erich Kron, security awareness advocate with KnowBe4, commented in response to the breach.
Investigations are ongoing, DaVita stated.
