DaVita said on Monday it was hit by a ransomware attack that encrypted certain elements of its network, and some of its operations remained disrupted despite interim measures.
While the dialysis service provider continued to provide patient care as it took measures to restore certain functions, it could not “estimate the duration or extent of the disruption at this time”, DaVita said in a regulatory filing.
The measures included separating some impacted systems from its network.
DaVita discovered the cyberattack on Saturday and is now assessing the incident with third-party cybersecurity professionals. It has also notified law enforcement about the attack, the company said.
The dialysis firm did not immediately respond to a Reuters’ request for details about its containment measures and the extent of the cyberattack.
DaVita provides dialysis – a treatment which mechanically cleans the blood when the kidneys are not functioning properly – through its network of nearly 3,000 outpatient clinics and at-home services.
Last year, DaVita served around 200,000 patients in the U.S., besides providing services through about 760 hospitals, according to the company’s annual report.
The incident marks yet another cyberattack in the U.S. healthcare sector. A U.S. unit of DaVita’s rival Fresenius Medical Care was hit by a hack in 2023, in which data including medical records on 500,000 patients and former patients were stolen.
Last year, UnitedHealth Group’s tech unit was hit by a ransomware attack that affected the personal information of 100 million people and caused widespread disruptions in processing health insurance claims, including with DaVita.
