Skip to main content
data on computer data on computer

Navvis & Company Data Breach Investigation | SSM Health

Written by Joseph Lyon on . Posted in Data Breach, Litigation Update.

UPDATE: A class action settlement has been reached between Navvis, a health management company, and SSM Health over a 2023 data breach that affected 2.8 million individuals. Both companies agreed to a $6.5 million settlement to resolve claims that they failed to prevent a cyberattack that accessed and exfiltrated sensitive information. Eligible class members can receive reimbursement for out-of-pocket expenses and may be eligible for up to two years of free credit monitoring. 

Joe Lyon was appointed co-lead counsel in this case. 

What Happened at Navvis & SSM Health?

SSM Health, one of the largest healthcare providers in Oklahoma, said their partner vendor, Navvis, recently suffered a data breach. According to Navvis, they were the victim of a cyberattack from July 12 to 25, 2023. SSM Health patient data was shared with Navvis and ostensibly then accessed by the hackers.

The breach targeted demographic and healthcare-related information, as well as certain individuals’ Social Security numbers. All patients affected in the SSM data breach will receive notice from Navvis.

Navvis & Company filed a notice of data breach with the Attorney General of Oregon and noted that an unauthorized party accessed names, Social Security numbers, dates of birth, Medicaid or Medicare ID numbers, health plan information, medical treatment information, medical record numbers, patient account numbers, case identification numbers, provider and doctor information and health record information.

On December 29, 2023, Navvis & Company sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with more detailed information.

If you receive a data breach notification, it is important to understand there may be an increased risk of identity theft and fraud. A data breach lawyer can help you take the next steps and consider joining a class action.

Navvis & Company is a business services company operating out of  St. Louis, Missouri. The company works with health plans, health systems, and physician groups to build, operate, and manage new business models.

Contact our legal team if you have been notified by any company about a data security incident. Any entity that collects and stores your data has a duty to protect it. Failing to do so can result in a lawsuit that aims to compensate victims.