Dive Brief:
- Data from 2.7 million people were exposed after a ransomware attack on kidney care provider DaVita this spring, according to a report to federal regulators.
- DaVita determined in April that an unauthorized user had gained access to its servers. Later that month, the attacker posted leaked data it claimed to have stolen from DaVita. The kidney care provider was able to obtain that information in June; it included sensitive personal information from its dialysis labs database.
- The data breach is one of the largest healthcare incidents reported to the HHS’ Office for Civil Rights this year, following breaches at Yale New Haven Health, UnitedHealth-owned healthcare services firm Episource and Blue Shield of California.
Dive Insight:
DaVita, which operates more than 2,600 outpatient dialysis centers across the country, said it first discovered the cyber incident on April 12. Ransomware group Interlock claimed responsibility for the DaVita attack, according to cybersecurity news site Bleeping Computer.
Patient care continued during the kidney care provider’s recovery, and all major impacted servers and systems are now restored, according to a notice last updated on Aug. 1.
However, the attack exposed patient data. Compromised information includes names, addresses, birth dates, Social Security numbers, and insurance and clinical data — like treatment details and certain dialysis lab test results, DaVita said in the notification.
The ransomware attack also impacted DaVita financially. The provider incurred about $13.5 million in expenses in the second quarter from the incident, including a $1 million increase in patient care costs and $12.5 million in general and administrative expenses, according to a securities filing.
The costs didn’t include impacts from business interruptions. But the cyberattack negatively impacted DaVita’s billing and revenue collection as well as patient census, which the provider expects will hit treatment revenue and volumes for the full year.
Interlock may have targeted the healthcare sector before. Kettering Health, an Ohio-based health system that was hit by a ransomware attack in late May, has said it had reason to believe Interlock was also behind its attack.
Cybersecurity authorities and the federal government have warned about the group too. In July, the FBI, HHS, Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center said Interlock was targeting various businesses, including critical infrastructure, in North America and Europe.
DaVita’s attack comes as ransomware, a type of malware that denies users access to their data until a ransom is paid, has become a growing threat to the healthcare sector.
The attacks can seriously hinder provider operations, limiting their access to critical technology like electronic health records and forcing them to delay care or send emergency cases to other facilities. Some providers have said mortality rates rose in the wake of a ransomware attack.