Kidney Dialysis Provider Services Disrupted by Ransomware

A ransomware attack disrupted operations at one of the nation’s largest dialysis center networks, encrypting parts of its systems and triggering an active incident response.

On April 12, 2025, the organization detected unauthorized activity and quickly initiated containment protocols, isolating the affected systems. While patient care continues via backup systems and manual processes, the incident has impacted portions of their broader operations, Security Week reports.

The organization has brought in external cybersecurity experts to support the investigation and remediation, and law enforcement has been notified. According to a filing with the SEC, some functions have been restored through interim measures, but the full extent of the disruption remains unclear.  

It is not yet known how long recovery will take or whether any sensitive data was compromised. The company has not disclosed which ransomware group is behind the attack or whether any ransom demand was made.  

With over 3,000 outpatient dialysis centers—more than 2,500 in the U.S.—the provider serves approximately 250,000 patients globally, including 200,000 in the U.S. where it holds a 37% market share. Despite the cyber incident, officials say there has been no interruption in patient care as investigation and recovery efforts continue.

Takeaway: Attacks on healthcare providers are as ruthless as they get. When ransomware crews go after targets like dialysis centers or blood banks, they know exactly what they’re doing.

These aren’t random targets; ransomware operators understand that patients undergoing dialysis can’t just skip a session and wait for systems to come back online. Missed treatments can mean real harm. In some cases, it can mean death.

It’s about leverage. Attackers are weaponizing urgency when they hit healthcare organizations, and they know that urgency means the pressure to pay is immediate and intense. That’s not just unethical—it’s plain evil.

And here’s the real problem: our current approach isn’t cutting it. We keep treating these attacks like run-of-the-mill cybercrime, and they’re anything but.  

When they target critical healthcare infrastructure, they're not committing digital vandalism—they’re threatening human lives. Attacks like these need to be treated like the national security issue it is.

Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more, and check out our quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.