Interlock Ransomware Say It Stole 20TB of DaVita Healthcare Data – Source:hackread.com

Interlock ransomware group claims it stole 20TB of sensitive patient data from DaVita Healthcare. While the group has leaked 1.5TB; it is offering the rest of the data for a price which includes the personal details of millions of patients.

Patients receiving critical kidney dialysis treatment from DaVita, a major healthcare provider, are now facing the possible exposure of their sensitive information. A group of cyber criminals from the Interlock ransomware has claimed responsibility for the cyberattack on the company and has begun posting what they say is stolen patient data on their dark web leak site.

This development comes just two weeks after DaVita, which operates a vast network of over 2,500 dialysis centres across the United States and hundreds more in 13 other countries, informed the US Securities and Exchange Commission about the ransomware attack, after which the company’s share fell by 3%, as reported by Investopedia.

As Hackread.com previously reported, the attack, which occurred around April 12th, involved the encryption of parts of DaVita’s computer systems, causing disruptions to their internal operations. At the time of their initial disclosure, DaVita stated they were implementing contingency plans to ensure uninterrupted patient care, a crucial service for individuals with end-stage renal disease who require dialysis multiple times a week to survive.

Now, Interlock, a relatively new ransomware group that began listing victims on its leak site in October 2024, is claiming to have stolen a massive 1.51 terabytes of data from DaVita. They have already posted samples of this alleged stolen information, raising serious concerns about the privacy of DaVita’s patients.

DaVita has acknowledged the dark web posting and stated they are in the process of thoroughly reviewing the data involved. “We are disappointed in these actions against the healthcare community and will continue to share helpful information with our vendors and partners to raise awareness on how to defend against these attacks in the future,” their spokesperson stated.

The potential scale of the breach is significant considering that DaVita served approximately 281,100 patients worldwide through its extensive network of over 3,000 outpatient dialysis centres in 2024.

Cybersecurity experts, including Paul Bischoff from Comparitech, note that Interlock has been linked to a growing number of confirmed attacks since its emergence. It is worth noting that this group has previously claimed responsibility for a cyberattack on Texas Tech University Health Sciences Centre, an incident that reportedly compromised the medical information of over 530,000 individuals.

This track record emphasises the potential severity of the current situation for DaVita and its patients. The full scope of the compromised data and the potential consequences for affected individuals are yet to be determined as DaVita continues its investigation.

Paul Bischoff, Consumer Privacy Advocate at Comparitech, commented on the latest development, stating, “Interlock began listing victims in October 2024, demanding ransom for decrypting systems and deleting stolen data. We’ve tracked 13 confirmed and 13 unconfirmed attacks by the group and in 2025 alone, there have been 17 confirmed ransomware attacks on US healthcare companies, with 80 more unconfirmed.”

“As seen with DaVita, these attacks can severely disrupt patient care and lead to long-term data privacy issues. In 2024, nearly 25.7 million records were breached across 160 healthcare ransomware incidents,” Paul revealed.