The first half of 2025 has sent a clear message: healthcare cyber threats are escalating fast. With identity-based attacks up 800%, ransomware targeting critical infrastructure, and legal firestorms over health data trackers, the stakes for data privacy and cybersecurity have never been higher.
DaVita Ransomware Attack Exposes Over 1 Million Health Records
More than one million individuals are now at risk after a major ransomware attack targeted DaVita, a leading provider of dialysis services.
The April 2025 breach compromised a wide range of sensitive data, including medical records, financial information, and government IDs. This incident underscores the growing danger ransomware poses to the healthcare sector.
DaVita confirmed the incident shortly after it occurred through a filing with the SEC, noting that it had activated its cyber response protocols to contain the threat.
However, an updated notice on August 1 revealed a deeper impact: the attackers had accessed the company’s dialysis labs database, which included data from not only DaVita patients but also individuals whose lab results were processed through DaVita Labs for other healthcare providers.
The compromised information includes:
- Names, addresses, and dates of birth
- Social Security and driver’s license numbers
- Medical and treatment histories
- Health insurance details
- Financial information and images of personal checks
- Internal DaVita identifiers and lab test results
- In some cases, tax identification numbers
So far, Attorney General offices in multiple states, including Massachusetts, Oregon, South Carolina, Texas, and Washington, have acknowledged the breach, confirming over 1 million impacted individuals.
Credit monitoring and identity theft protection are being offered to those affected.
While DaVita hasn’t disclosed the exact number of victims publicly or listed the incident on the HHS breach portal, security researchers believe this is among the largest healthcare data breaches of 2025.
The ransomware group Interlock has claimed responsibility, stating it stole roughly 1.5 terabytes of data. The gang is known for targeting critical infrastructure and for exfiltrating large volumes of data, averaging nearly 1.5 TB per victim across 54 known attacks.
DaVita reported $13.5 million in damages related to the incident, including $1 million in patient care disruptions and $12.5 million in system recovery and remediation costs. That figure doesn’t yet account for lost productivity, reputational damage, or potential legal action.
Data Breach at Northwest Radiologists Impacts Nearly 350,000 Washington Patients
Another major healthcare data breach has come to light, this time affecting Washington-based Northwest Radiologists. The organization confirmed that 348,118 individuals were affected after a cyberattack in January 2025 exposed a wide array of sensitive patient data.
The breach occurred between January 20 and January 25, during which unauthorized access went undetected. The intrusion disrupted internal systems, prompting an immediate investigation with support from law enforcement and external cybersecurity experts.
Following a detailed forensic review, Northwest Radiologists determined that cybercriminals had accessed files containing highly sensitive information, including:
- Full names, addresses, and contact details
- Social Security numbers and driver’s license/state ID numbers
- Dates of birth and email addresses
- Medical record numbers and diagnosis/treatment information
- Health insurance details and billing information
- Names of treating providers
At this time, the organization says it has no evidence that any of the stolen information has been misused. However, the sheer scope of exposed data places affected individuals at increased risk for identity theft, medical fraud, and financial scams, concerns that continue to plague healthcare breaches.
While the exact method of attack wasn’t disclosed, the reported network disruption points to a possible ransomware incident. No known threat group has claimed responsibility.
Northwest Radiologists says it has since secured its systems and implemented additional safeguards to reduce the risk of future incidents. The company is offering complimentary credit monitoring and identity protection services to those affected.
This attack follows a broader trend of rising cyber threats against diagnostic imaging and specialty care providers, who often handle large volumes of sensitive data but may lack the robust security infrastructure of larger hospital systems.
Data Breaches Skyrocket in 2025: 800% Jump in Stolen Credentials
The first half of 2025 has brought a stunning surge in cyberattacks and the numbers are alarming.
According to the latest Global Threat Intelligence Index, credential theft has exploded by 800%, with 1.8 billion credentials stolen in just six months.
Threat actors are increasingly targeting user identities, often bypassing even multi-factor authentication (MFA) protections by exploiting reused or stolen credentials.
5.8 Million Compromised Devices
Attackers accessed this massive volume of data by breaching 5.8 million devices.
These identity-based attacks are now a core strategy for cybercriminals to gain persistent access to organizational systems. And once they’re in, they move laterally, fast.
20,000 Vulnerabilities—and Counting
The same report revealed over 20,000 unpatched vulnerabilities, including 12,200 that weren’t listed in the National Vulnerability Database (NVD).
Even worse? More than 7,000 of those bugs already have public exploits available.
This silent backlog creates a serious blind spot for cybersecurity teams. With vulnerability disclosures rising 246% since February and publicly available exploit code up 179%, most security teams can’t keep up.
“It’s no longer possible to triage and patch every threat,” the report warns. “The expanding digital attack surface is overwhelming even mature organizations.”
Ransomware Still Rising
Credential theft and unpatched bugs are both leading causes of ransomware attacks. And ransomware continues to trend upward.
Flashpoint documented 3,104 data breach events in the first half of 2025, compromising an estimated 9.5 billion records. Unauthorized access was the top entry point, linked to nearly 78% of all breaches.
2025 On Track to Break Records
With a 235% spike in breach activity over the last four months alone, experts at the Identity Theft Resource Center (ITRC) are warning that 2025 may set a new record for data breaches in the U.S.
Key takeaway?
Identity-based threats are scaling faster than most teams can respond. Stolen credentials and exploit-ready bugs are now the fuel for modern cybercrime and the pressure on defenders is mounting.
Health Data Trackers Face Legal Heat
Digital tracking tools are under fire again from a growing wave of lawsuits and regulatory scrutiny tied to how health-related websites and apps are collecting and sharing user data.
Whether you’re a HIPAA-covered entity or not, the message is clear: the legal risks around health data tracking are escalating fast.
At the center of the controversy are third-party tools, often embedded by default in websites and apps, that quietly gather user information. This includes highly sensitive data, such as fertility history, prescription activity, and visits to clinics offering reproductive or gender-affirming care.
And now, it’s more about potential civil and even criminal consequences than ethics, especially in politically charged areas of healthcare. The Supreme Court’s decision to overturn Roe v. Wade and rising legislative action around transgender care have only intensified the stakes.
Legal Cases Are Mounting
A recent class action lawsuit against Flo Health, a widely used fertility-tracking app, accused the company of sharing users’ sensitive reproductive data with Google, Meta, and other ad tech firms.
Flo agreed to settle the case, but this isn’t its first legal run-in. The FTC previously took enforcement action against the company in 2021 over similar issues.
These cases show that failing to disclose data-sharing practices or relying on ambiguous user consent can put companies in serious legal jeopardy.
What Legal and Compliance Teams Should Do Now
Whether you’re advising a hospital, a health tech startup, or your own law firm uses web analytics tools on healthcare-related landing pages, it’s time to review your compliance posture.
Here’s what we recommend:
- Audit all tracking tools used on your websites and mobile apps, especially any that collect behavioral or location data.
- Confirm whether these tools are sharing personal or health-related information with third parties.
- Update your privacy policies to clearly disclose data-sharing practices and obtain explicit user consent.
- Consider turning off or replacing tools that could put you at risk, especially in light of the latest lawsuits and regulatory expectations.
Being a healthcare provider, now is the time for you to get ahead of the threats. Don’t wait for a breach or lawsuit to find out your cybersecurity strategy has holes.
Visit Infoguard Cybersecurity to learn how we can help your organization stay protected, compliant, and resilient.
Found this newsletter helpful? Don’t forget to share it with your colleagues.
Best regards,
