Navvis & Company reports data breach, exposes patient data of multiple healthcare institutions

On December 29, 2023, Navvis & Company, LLC, reported a data breach that occurred after cybercriminals infiltrated Navvis's computer systems between July 12 and July 25, 2023. Navvis & Company, LLC, headquartered in St. Louis, Missouri, is a business services firm specializing in the healthcare sector. The company focuses on redefining and enhancing healthcare delivery by building, operating, and managing innovative business models in partnership with health plans, health systems, and physician groups.

The intrusion allowed unauthorized access to personal and protected health information of patients affiliated with Navvis's healthcare provider clients. The compromised data includes:

• consumers' names,
• Social Security numbers,
• dates of birth,
• Medicaid or Medicare ID numbers,
• health plan details,
• medical treatment and record numbers,
• patient and case identification numbers,
• provider and doctor information.

No details are disclosed about the number of affected individuals or the nature of the attack.

Navvis began issuing notification letters to the affected individuals on December 29, 2023. These letters aimed to inform recipients about the specifics of the compromised information.