Nearly a million patients hit by DaVita dialysis ransomware attack

NEWYou can now listen to Fox News articles!

Healthcare institutions have become a favorite target for bad actors, largely because of how easy they make it for attackers. In June, researchers discovered a healthcare data breach that exposed the personal information of around 8 million patients. All of this information was publicly accessible online without any passwords or authentication protocols.

The latest healthcare organization to fall victim to a breach is DaVita, which has put nearly a million people at risk. Headquartered in Denver, Colorado, DaVita provides dialysis treatment to about 200,000 patients across the U.S. and 13 other countries.

Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

What you need to know DaVita ransomware attack

Kidney dialysis giant DaVita says nearly 916,000 people had personal and medical information exposed in an April ransomware attack (via Comparitech). The breach, which the company disclosed in state filings, compromised names, Social Security numbers, dates of birth, health insurance details, medical records, tax ID numbers, addresses and even images of checks made out to the company.

DaVita says the incident disrupted internal operations and primarily affected its laboratories. In its latest notice to victims, the company says the cyberattack began March 24, 2025, and continued until April 12. It has not confirmed whether a ransom was paid.

The DaVita incident is the second-largest U.S. healthcare ransomware attack by number of records this year, behind Frederick Health’s January breach. According to Comparitech, there have been 53 confirmed ransomware attacks on American healthcare providers in 2025 alone, compromising more than 3.2 million patient records.

6 ways to protect yourself from DaVita ransomware attack

The DaVita data breach exposed sensitive patient information. If you are affected or just want to stay one step ahead, these actions can help minimize your risk.

1. Don’t click on suspicious links or attachments and use strong antivirus software

The DaVita data breach likely gives attackers access to your contact details, which they can misuse. Avoid clicking on unexpected emails or messages, even if they look legitimate.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com/LockUpYourTech

2. Use a personal data removal service

Since your personal details were exposed in the DaVita breach, you’re more vulnerable to targeted fraud. Consider using a personal data removal service to scrub your personal details from data broker websites that sell your information.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

3. Use strong, unique passwords for every account

Reusing passwords increases your risk. A single leaked password can unlock multiple accounts. Use a password manager to generate and store secure passwords.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords

4. Sign up for an identity theft protection service

DaVita is offering free identity theft and credit monitoring services to those affected by the breach. But even if you weren’t a victim of this specific breach, it’s still smart to protect yourself.

Identity theft protection services can alert you to suspicious activity, help you recover if your identity is stolen and often provide tools to freeze or lock your credit. That prevents fraudsters from opening new accounts in your name, and you can lift the freeze temporarily when needed.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/IdentityTheft

5. Enable two-factor authentication (2FA)

Adding a second layer of login protection, like a text message or app-based code via 2FA, can make it much harder for DaVita attackers to access your accounts, even if your password is exposed.

6. Monitor your credit and financial accounts

Keep an eye out for strange charges or unfamiliar accounts. Set up alerts through your bank and review your credit report regularly to catch fraud early.

Kurt’s key takeaway

The investigation into the DaVita breach is ongoing, and the company has not disclosed how the hackers got in. Nearly a million people now face the possibility of their personal information being used for malicious purposes. Ransomware attacks on hospitals and clinics can lock critical systems, delay care and push providers back to paper records. In severe cases, they can force appointment cancellations and patient diversions and potentially endanger lives.

Should U.S. law require healthcare organizations to meet stricter cybersecurity standards? Let us know by writing to us at Cyberguy.com/Contact

The post Nearly a million patients hit by DaVita dialysis ransomware attack appeared first on Fox News.