Navvis Data Breach Lawsuit Says Clients’ Patients’ Identities Are At Risk of Theft
Montiel et al. v. Navvis & Company, LLC
Filed: January 8, 2024 ◆§ 4:24-cv-00040
A class action alleges health management services provider Navvis & Company negligently failed to protect its clients’ patients’ personal and health information.
Navvis & Company faces a proposed class action that alleges the St. Louis-based health management services provider negligently failed to protect clients’ patients’ personal and health information from unauthorized access last summer.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 45-page complaint says that although Navvis, per the late-December notice it sent to data breach victims, discovered “suspicious activity” on some of its computer systems on July 25, the company waited five months before notifying affected individuals that they were at risk for identity theft and fraud. Per the case, Navvis ultimately determined that an unauthorized actor had access to certain systems between July 12 and July 25, 2023, and that as a result, certain files within the systems may have been stolen.
According to the lawsuit, the information compromised in the Navvis data breach included names, dates of birth, Medicare beneficiary ID numbers, diagnosis details, health insurance policy numbers, dates of service, provider names, patient account numbers, and more.
As a result of the five-month delay in Navvis notifying data breach victims, affected consumers were unaware that their information had been stolen and “that they were, and continue to be, at significant risk of identity theft” and other forms of harm, the suit stresses.
“The risk will remain for their respective lifetimes,” the case states, adding that Navvis has offered no assurance that all of the personal data, or copies of the data, impacted by the breach have been recovered or destroyed or that it has sufficiently enhanced its cybersecurity measures to prevent such an incident in the future.
The lawsuit accuses Navvis of failing to properly monitor and secure its computer networks despite promising patients and clients that the sensitive data they provide to the company will be safeguarded. Had it done so, Navvis could have prevented the data breach, the complaint says.
Further, the suit contests that Navvis was well aware of the risk of a data breach given the prevalence of such incidents in recent years, particularly in the healthcare industry.
The lawsuit shares that although the exact number of individuals impacted by the Navvis data breach is unknown at this time, at least hundreds of people, and possibly thousands, were affected by the breach.
The case looks to cover anyone in the United States who had private information accessed and/or acquired as a result of the Navvis data breach, including anyone who received notice about the incident.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.