
DaVita hack hasn’t impacted patient care, but may have exposed data

DaVita is another example of hackers targeting third-party healthcare associates.

A ransomware attack on major dialysis provider DaVita highlights the growing threat of cyberattacks on third-party healthcare vendors.

Francis Scialabba




One of the latest healthcare hacks may have had little clinical impact but should serve as a big reminder.

On April 12, DaVita, one of the largest dialysis providers in the US, serving 200,000+ patients, announced in an SEC filing that it had been hit by “a ransomware incident that has encrypted certain elements” of its network. Ransomware is a type of malware that blocks access to systems or data until a ransom is paid.

The attack is part of a growing—and troubling—trend of targeting third-party providers, according to Verizon’s 2025 Data Breach Investigations Report, released April 23.

The good news. Hospitals in the US don’t seem to be experiencing any “significant impact” to patient care from this hack, such as an overflow of patients who haven’t received dialysis treatment, John Riggi, American Hospital Association (AHA) national advisor for cybersecurity and risk, told Healthcare Brew.

A DaVita spokesperson did not share specifics on the hack’s impact when asked by Healthcare Brew on April 21, but said the company had backup protocols in place to prevent disruptions to patient care.

The bad news. On April 24, cybersecurity news site BleepingComputer reported that the Interlock ransomware gang had claimed responsibility for the hack and allegedly leaked nearly 700,000 files presumably containing personal patient information and financial details to the dark web.

“We are aware of the post on the dark web and are in the process of conducting a thorough review of the data involved. A full investigation regarding this incident is still underway. We are working as quickly as possible and will notify any affected parties and individuals, as appropriate,” a DaVita spokesperson said in a statement to Healthcare Brew and other outlets.

This is another example of how hackers are increasingly targeting large third-party providers or business associates rather than specific hospitals. It’s a strategy to put pressure on as many people as possible to make victims more likely to pay a ransom to stop the attack, Riggi said.

“Lives are placed in danger when they have massive disruption like this, and ultimately, that can force the victim to pay a higher amount,” Riggi said.

(Healthcare Brew talked to Riggi before Interlock claimed the attack. He did not respond to a request for an updated comment on Thursday.)

A recent trend. In 2023, almost 133 million people were affected by healthcare data breaches, Modern Healthcare reported.

A majority—58%, or 77.3 million—had their data exposed because of a hack on a healthcare business associate, according to Modern Healthcare’s analysis of data from the Health and Human Services Department’s Office for Civil Rights breach portal. The report said this was a 287% increase from 2022.

Third-party healthcare attacks in 2024 include the Octapharma Plasma ransomware attack, the Change Healthcare attack, and the OneBlood attack, Riggi said.

Avoiding hack impacts. To avoid operational disruptions and to protect patients, Riggi encourages hospitals to partner with third-party providers that have backup systems and can continue providing care even if their systems go offline.

“We would advise our hospitals to ensure…life-critical third-party providers—like a blood supply, like a dialysis center—have invested in the capability to recover without having to pay a ransom,” he said.

The FBI encourages victims not to pay demanded ransoms, though things could get more complicated when there are lives on the line, Riggi said.

The US government at one point considered a blanket ban on ransom payments to cybercriminals, but that was put on pause in part because in some circumstances, paying a ransom could help hospitals get back to normal operations more quickly, IT Brew previously reported.

AHA does not track whether hospitals or other groups pay ransoms, Riggi said. A report from cyber extortion incident response firm Coveware of attacks across all sectors, including healthcare, found that the percentage of clients that paid a ransom had shrunk from a peak of 85% in Q1 2019 to 36% in Q2 2024.
