Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Showing posts with label Hospital. Show all posts

DaVita Faces Ransomware Attack, Disrupting Some Operations but Patient Care Continues

 

Denver-headquartered DaVita Inc., a leading provider of kidney care and dialysis services with more than 3,100 facilities across the U.S. and 13 countries, has reported a ransomware attack that is currently affecting parts of its network. The incident, disclosed to the U.S. Securities and Exchange Commission (SEC), occurred over the weekend and encrypted select portions of its systems.

"Upon discovery, we activated our response protocols and implemented containment measures, including proactively isolating impacted systems," DaVita stated in its SEC filing.

The company is working with third-party cybersecurity specialists to assess and resolve the situation, and has also involved law enforcement authorities. Despite the breach, DaVita emphasized that patient care remains ongoing.

"We have implemented our contingency plans, and we continue to provide patient care," the company noted. "However, the incident is impacting some of our operations, and while we have implemented interim measures to allow for the restoration of certain functions, we cannot estimate the duration or extent of the disruption at this time," the company said.

With the investigation still underway, DaVita acknowledged that "the full scope, nature and potential ultimate impact on the company are not yet known."

Founded 25 years ago, DaVita reported $12.82 billion in revenue in 2024. The healthcare giant served over 281,000 patients last year across 3,166 outpatient centers, including 750+ hospital partnerships. Of these, 2,657 centers are in the U.S., with the remaining 509 located in countries such as Brazil, Germany, Saudi Arabia, Singapore, and the United Kingdom, among others. DaVita also offers home dialysis services.

Security experts warn that the scale of the incident could have serious implications.

"There is potential for a very large impact, given DaVita’s scale of operations," said Scott Weinberg, CEO of cybersecurity firm Neovera. "If patient records were encrypted, sensitive data like medical histories and personal identifiers might be at risk. DaVita has not reported data exfiltration, so it’s not clear if data was stolen or not."

Weinberg added, "For dialysis patients needing regular treatments to survive, this attack is extremely serious. Because of disrupted scheduling or inaccessible records, this could lead to health complications. Ransomware disruptions in healthcare may lead to an increase in mortality rates, especially for time-sensitive treatments such as dialysis."

The breach may also bring regulatory challenges due to DaVita’s international footprint.

"Regulations can differ with respect to penalties and reporting requirements after a breach based on the country and even the state in which the patients live or were treated," said Erich Kron, security awareness advocate at KnowBe4.

"A serious cybersecurity incident that affects individuals in multiple countries can be a legal nightmare for some organizations," Kron said. "However, this is something that organizations should plan for and be prepared for prior to an event ever happening. They should already know what will be required to meet regulatory standards for the regions in which they operate."

In a separate statement to Information Security Media Group, DaVita added, "We have activated backup systems and manual processes to ensure there's no disruption to patient care. Our teams, along with external cybersecurity experts, are actively investigating this matter and working to restore systems as quickly as possible."

This cyberattack mirrors similar recent disruptions within the healthcare industry, which continues to be a frequent target.

"The healthcare sector is always considered a lucrative target because of the serious sense of urgency whenever IT operations are disrupted, not to mention potentially disabled," said Jeff Wichman, director of incident response at Semperis. "In case of ransomware attacks, this serves as another means to pressure the victim into paying a ransom."

He added, "At this time, if any systems administering dialysis have been disrupted, the clinics and hospitals within DaVita’s network are most certainly operating machines manually as a last resort and staff are working extremely hard to ensure patient care doesn’t suffer. If any electronic machines in their network are down, the diligence of staff will fill the gaps until electronic equipment is restored."

DaVita joins a growing list of specialized healthcare providers facing cybersecurity breaches in 2025. Notably, Community Care Alliance in Rhode Island recently reported a hack that impacted 115,000 individuals.

In addition, DaVita has previously disclosed multiple health data breaches. The largest, in July 2024, affected over 67,000 individuals due to unauthorized server access linked to the use of tracking pixels in its patient-facing platforms.

Rise in Cyberattacks, Healthcare Industry Top Victim

Rise in Cyberattacks, Healthcare Industry Top Victim


Hospitals in Merseyside, including Arrowe Park Hospital in the Wirral, are facing significant disruptions following a cyber attack on the Wirral University Teaching Hospital Trust. Outpatient appointments have been canceled, and patients have been advised to avoid visiting the A&E department unless in a medical emergency. 

A spokesperson for the Trust confirmed, “A major incident was declared yesterday for cyber security reasons and remains ongoing. Our business continuity processes are in place, and our priority remains ensuring patient safety. We apologize for any inconvenience and will contact patients to reschedule canceled appointments.” 

Rising Cyber Threats to Healthcare   


The breach has also affected staff, who are struggling to access electronic records, highlighting the increasing frequency of cyber attacks on healthcare systems in the UK and globally. Research by KnowBe4 shows that the global healthcare sector faced an average of 1,613 attacks per week during the first three quarters of 2023 — four times higher than the global average.   

Earlier in 2024, a cyber attack on Kings College Hospital Foundation forced the shutdown of critical operations due to a breach at blood test supplier Synnovis.   

In recent years, similar incidents have plagued the UK healthcare system:   

- A ransomware attack on Barts NHS Trust by the Russian BlackCat gang resulted in the theft of 7TB of sensitive data.   
- In February 2023, NHS Dumfries and Galloway faced a breach compromising patient and staff information.   

In response to these escalating threats, the National Data Guardian (NDG) and NHS England introduced a new cyber resilience framework in September 2023. Dr. Nicola Byrne, National Data Guardian, stated that the framework provides organizations with a "current and evolving approach to enhance data protection and cyber resilience."

Why Cybercriminals Keep Targeting the NHS: Insights into the Latest Attack

 


In a statement released on 3 June, NHS England confirmed that the patient data managed by the company Synnovis for blood testing was stolen in a ransomware attack. In a threat to extort money from Synnovis, a group of Russian cybercriminals called Qilin shared almost 400GB of personal information through their darknet site on Thursday night, which they had threatened to do. There is no evidence to indicate that test results have been published, according to a statement issued by NHS England. However, the company said that investigations are still ongoing. 

As a shocking development has recently occurred, the NHS has announced it has been a victim of a major cyber attack targeting a company known as Synnovis. Synnovis, formerly known as Viapath, offers pathology services to hospitals across the country. The hospital is a partnership between Guy’s and St Thomas NHS Foundation Trust and King’s College Hospital NHS Foundation Trust. It is possible that millions of sensitive health information of NHS patients across England could have been compromised by the attack, which happened on June 22nd. 

As of Monday 3 June, Synnovis - a pathology partnership between Guy's and St Thomas' NHS Foundation Trust, King's College Hospitals NHS Trust and SYNLAB - suffered a ransomware cyber attack, disrupting their operations. There is no denying that this attack has been one of the worst in the history of medicine in the UK. It has resulted in an extremely significant decrease in the number of tests that can be processed and reported to clinical teams as a result of this attack. King's College Hospital and Guy's and St Thomas Hospital have been postponing 1,134 elective procedures and 2,194 outpatient appointments since 3 June, which means the total number of elective procedures and outpatient appointments cancelled. 

In the wake of the attack, which was allegedly perpetrated by a Russian criminal gang, Qilin has posted over 400GB of sensitive data to a darknet site that has been used to hide data. Among the data are names, dates of birth, NHS numbers, as well as descriptions of blood tests that were performed. Moreover, a spreadsheet detailing financial arrangements between hospitals, general practitioners, and Synnovis is also found. Qilin has also claimed to have attacked a ‘protest’ but declined to give any further details about their political affiliation or location. 

In the recent past, Synnovis, a partnership between two London hospitals and SYNLAB providing pathology services, has been a victim of a cyberattack. In the past week, a group has claimed responsibility for the attack and published information online,” Snnaovis said in a press release. Even though there have been no indications that the Laboratory Information Management System (LIMS) databases, which are crucial for supporting lab operations and storing patient test requests and results, have been compromised, or that they are available online, there are no signs that they have been. 

An analysis of the stolen data by the BBC revealed that it included the names of patients, birth dates, NHS numbers, and blood tests described by the patient, an act which has been described as the "most significant and harmful cyber attack ever committed in the United Kingdom." It has also been found that business account spreadsheets are being used to take notes about the financial arrangements between hospitals, GP services, and Synnovis. Ransomware hackers have infiltrated the company's computer systems, which are used by two NHS trusts in London, and encrypted vital information, resulting in the inability to use its IT systems. 

The cybercriminals also downloaded as much information as possible to further extort the company for a ransom payment, as is often the case with cybercriminals. Neither Synnovis nor the hackers have disclosed how much money the hackers requested from Synnovis, nor have negotiations been held between the two organizations. Qilin, however, has published some of the data, which could be all of it, so they haven't been paying. In an encrypted message sent to the BBC by the cyber attackers, the cyberattackers explained that they were targeting Synnovis intentionally to punish the UK for not participating enough in an unspecified war. 

In the NHS England statement, it was stated that the company continues to work closely with Synnovis and the National Crime Agency. A helpline has been established by NHS England for people affected by the attack and the organisation will continue to share updates, but "investigations of this type are complex and take time to complete." During the NHS, these systems are used to securely transfer patient data from one part of the healthcare system to another, raising serious questions about the safety and privacy of the data that is shared amongst members of the system. Officials at the National Health Service (NHS) are scrambling to assess the extent of the breach and find out exactly what information may have been exposed as a result of the breach. 

There have been assurances from the authorities that need-to-know services will remain fully operational for the time being, but some appointments and services not urgent in nature may need to be rescheduled to ensure the secure restoration of systems that have been affected. According to Synnovis, all affected systems have been taken offline as a precautionary measure, and as the company investigates the incident in partnership with the National Cyber Security Centre, the NHS is also investigating the incident. While many do not understand how such a crucial part of the NHS' digital infrastructure can be left vulnerable to such a heinous attack, a few have made a suggestion. As cyber security threats become increasingly sophisticated, there is now a growing concern about whether the NHS is capable of protecting itself from inherently secure threats. 

A call to action has been issued urging people to be more vigilant and to report any suspicious communications they receive claiming to be from the NHS immediately. It's becoming more obvious every day that the scale and impact of this unprecedented attack on England's health service are far from being known, but public confidence in the NHS's ability to keep personal data secure is at stake as more details emerge. In the last few months, there have been shockwaves throughout the healthcare sector as well as beyond it. Identifying impacted individuals can be a complicated process and can take up to a week for the investigation to be complete. As a result, local health systems have collaborated to ensure that patients' health impacts are managed promptly, that urgent blood samples are processed and that historical health records are accessible by laboratories.

Ransomware Attacks in Healthcare: A Threat to Patient Safety

Ransomware Attacks in Healthcare: A Threat to Patient Safety

Ransomware attacks in Healthcare: A threat to patient safety

A ransomware attack on a major U.S. hospital network has been endangering patients’ health. Nurses are forced to manually enter prescription information and work without electronic health records cyberattacks have become an alarming concern for healthcare institutions worldwide. 

The recent ransomware attack on Ascension Providence Rochester Hospital in the United States highlights the critical need for robust cybersecurity measures within the healthcare sector.

The incident

The hospital’s computer systems were compromised by malicious actors who infiltrated their network. The attackers deployed ransomware, encrypting critical files and rendering electronic health records (EHRs) inaccessible. Suddenly, nurses were navigating a chaotic environment where paper records replaced digital ones. The impact was immediate and far-reaching.

Patient safety at risk

  • Manual Processes: Nurses were forced to revert to manual processes for tasks that were previously automated. Prescription orders, patient histories, and treatment plans had to be recorded on paper. This shift disrupted workflows, increased administrative burden, and introduced the risk of errors.
  • Delayed Care: With EHRs offline, accessing patient information became time-consuming. Nurses had to physically search for records, leading to delays in providing care. In emergencies, every second counts, and any delay could jeopardize patient well-being.
  • Medication Errors: Manually transcribing medication orders is error-prone. Misreading handwritten notes or mistyping dosage instructions can have serious consequences. Patient safety hinges on accurate and timely administration of medications, and the ransomware attack disrupted this critical process.
  • Communication Challenges: Collaborating with physicians, pharmacists, and other healthcare professionals became challenging. Without EHRs, nurses struggled to share vital patient information efficiently. Effective communication is essential for coordinated care, and the attack hindered this aspect.

The broader implications

  • Financial Impact: Beyond patient safety, the financial toll of ransomware attacks is substantial. Hospitals must allocate resources to recover data, strengthen security, and address vulnerabilities. These costs divert funds from patient care and research.
  • Public Trust: Patients rely on hospitals to safeguard their sensitive information. A breach erodes trust and raises privacy concerns. Hospitals must transparently communicate such incidents to maintain public confidence.
  • Preventive Measures: Healthcare institutions must prioritize cybersecurity. Regular security audits, employee training, and robust backup systems are essential. Proactive measures can prevent attacks or minimize their impact.
Healthcare organizations must invest in cybersecurity infrastructure, collaborate with experts, and stay vigilant. Patient safety is non-negotiable, and protecting it requires a collective effort. Let us learn from this event and fortify our defenses against cyber threats in the healthcare sector.