Navvis & Company, LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Navvis & Company, LLC, a Missouri-based health management services provider, experienced a significant data breach between July 12, 2023, and July 25, 2023. The breach was first detected due to suspicious activity within its computer network on July 25, 2023. Following an investigation with the assistance of cybersecurity experts, it was confirmed that an unauthorized party had accessed the company’s system, compromising a wide range of sensitive consumer information. This information includes names, Social Security numbers, dates of birth, Medicaid or Medicare ID numbers, health plan information, medical treatment information, medical record numbers, patient account numbers, case identification numbers, provider and doctor information, and health record information[1][3].

Navvis & Company, LLC, which specializes in working with health plans, health systems, and physician groups to develop new business models for healthcare delivery, reported the breach to the Attorney General of Oregon on December 29, 2023. The company has since begun sending out data breach notification letters to all affected individuals, advising them of the breach and the steps they can take to protect themselves from potential fraud or identity theft[1].

Despite the breach, as of the time of reporting, there has been no evidence to suggest that the compromised information has been used for identity theft or fraud[3]. Navvis has taken steps to secure its network and is reviewing and enhancing its data privacy policies and procedures to prevent future incidents. Additionally, the company is offering complimentary access to credit monitoring services for impacted individuals and has provided contact information for major credit reporting agencies to help them monitor their credit reports and protect against identity theft[3].

This incident has prompted legal investigations and potential class action lawsuits, with law firms such as Cole & Van Note and Turke & Strauss LLP investigating the breach on behalf of affected consumers[4][7]. The breach has also affected patients of healthcare providers partnered with Navvis, such as SSM Health, leading to further notifications and warnings to potentially impacted individuals[5][8][13].

For those affected by the breach, it is recommended to remain vigilant by monitoring account statements, credit reports, and explanation of benefits forms for any suspicious activity. Taking steps such as changing passwords, securing online accounts, and considering credit freezes or fraud alerts can also help protect against identity theft[3][7].

Navvis & Company, LLC is headquartered in St. Louis, Missouri, employs more than 267 people, and generates approximately $55 million in annual revenue. The company plays a significant role in the healthcare industry by providing services that aim to improve and change the way healthcare is delivered[1].

Citations:

  1. https://www.jdsupra.com/legalnews/navvis-company-reports-data-breach-4171652/
  2. https://www.newyorkbuildexpo.com/2024-exhibitors
  3. https://markets.businessinsider.com/news/stocks/navvis-company-llc-navvis-notice-of-data-event-1032650766
  4. https://www.newstrail.com/cole-van-note-announces-navvis-company-llc-data-breach-investigation/
  5. https://www.thelyonfirm.com/blog/navvis-company-data-breach-ssm-health/
  6. https://twitter.com/DCICyberSecNews/status/1743084592515383747
  7. https://www.turkestrauss.com/2024/01/03/navvis-company-data-breach-investigation/
  8. https://www.news9.com/story/659628969cca5806533e41fb/large-oklahoma-healthcare-provider-warns-patients-of-2023-data-breach
  9. https://www.myinjuryattorney.com/navvis-company-data-breach-class-action-investigation-and-lawsuit-assistance/
  10. https://www.businesswire.com/news/home/20221020005182/en/Population-Health-Leaders-Navvis-and-Esse-Health-Announce-Plans-to-Merge
  11. https://www.jdsupra.com/legalnews/ssm-health-confirms-patient-data-was-7729008/
  12. https://dockets.justia.com/docket/missouri/moedce/4:2024cv00035/208806
  13. https://abc17news.com/news/jefferson-city/2024/01/09/data-breach-affects-limited-number-of-ssm-health-patients/
  14. http://ago.vermont.gov/sites/ago/files/documents/2023-10-06%20Navvis%20%26%20Company%20Data%20Breach%20Notice%20to%20Consumers.pdf
Breach Submission Date Sep 22, 2023
Converted Entity Name Navvis & Company, LLC
Converted Entity Type Business Associate
State MO
Individuals Affected 917
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes