Navvis & Company Data Breach Exposes Personal and Health Information

Healthcare data breach illustration
Breach Discovery: Not Publicly DisclosedBreach Notification: June 2024

What Happened in the Navvis & Company Data Breach?

Navvis & Company, LLC recently filed a formal data breach notification with the Delaware Attorney General. The filing confirms that the company experienced a security incident involving unauthorized access to sensitive consumer information. As a healthcare-focused organization, Navvis handles data that includes personal and medical details for many individuals.

According to the notification, the breach involved unauthorized access to systems containing personal information. The exact method used by the attacker has not been publicly disclosed in detail. However, the filing itself confirms that data exposure did occur, rather than simply a suspected or attempted intrusion.

Once Navvis discovered the unauthorized access, the company began an internal review to determine the scope of the incident. This investigation likely involved forensic specialists working to identify which systems were compromised. As a result, Navvis was able to determine which types of consumer data may have been affected before notifying regulators and impacted individuals.

Because the notification was filed with the Delaware Attorney General, Navvis is legally required to inform affected residents about the exposure. This step reflects the company’s obligation under state breach notification laws. Therefore, individuals whose information was involved in the incident should expect to receive a direct notice, if they have not already.

Who was affected?

The breach may affect individuals whose personal or health-related information was stored within Navvis & Company’s systems. Given the nature of the company’s healthcare services, those affected could include patients, clients, or individuals connected to healthcare programs that Navvis supports. In addition, employees or contractors tied to the organization could also be impacted, depending on the systems involved.

The exact number of individuals affected by this breach has not been publicly disclosed. Similarly, the notification does not specify whether the incident is limited to Delaware residents or extends to a broader, nationwide population. Because Navvis operates within the healthcare sector, however, it is possible that vulnerable populations, including older adults or patients managing chronic conditions, are among those affected.

What Information Was Potentially Exposed?

While the notification does not provide an exhaustive breakdown of every data element compromised, breaches involving healthcare-related organizations like Navvis often expose highly sensitive categories of personal information. Based on the nature of the filing, the following types of information may have been involved.

  • Full names
  • Social Security numbers
  • Health insurance information
  • Medical treatment or diagnosis records
  • Other personally identifiable information tied to healthcare services

Exposure of this type of information creates a real risk of identity theft. For example, a Social Security number combined with a full name can allow criminals to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. As a result, affected individuals may face financial harm that surfaces months or even years after the breach.

In addition, exposed health information carries its own distinct risks. Criminals can use stolen medical details to commit healthcare fraud, such as billing insurers for services never received. This type of fraud can be especially difficult to detect because it often does not appear on standard credit monitoring reports. Consequently, affected individuals should remain alert to unusual medical bills or insurance statements.

What is the company doing?

In response to the breach, Navvis & Company took steps to investigate the incident and determine its scope. The company then filed the required notification with the Delaware Attorney General, fulfilling its legal obligation to disclose the event. This filing indicates that Navvis is actively working through its incident response process.

Beyond the initial filing, Navvis is likely coordinating with cybersecurity professionals to secure its systems and prevent further unauthorized access. Companies in this position typically review their security controls and strengthen protections following a breach. Additionally, affected individuals may be offered credit monitoring or identity protection services, depending on the terms outlined in the direct notification letters sent to consumers.

What Should Affected Individuals Do?

Monitor Your Credit Reports Closely

Affected individuals should request and review their credit reports from all three major credit bureaus. Doing so allows you to spot unfamiliar accounts or inquiries that could signal identity theft. You are entitled to a free credit report from each bureau annually, and checking them regularly is a smart habit after any breach.

Because fraud can take time to surface, it helps to continue this monitoring for at least a year following the breach. If you notice anything suspicious, report it immediately to the credit bureau and consider contacting a data breach attorney for a free case evaluation to understand your options.

Consider a Fraud Alert or Credit Freeze

Given that Social Security numbers may have been exposed, placing a fraud alert or credit freeze is a strong protective step. A fraud alert requires lenders to verify your identity before opening new credit in your name. Meanwhile, a credit freeze goes further by restricting access to your credit file entirely.

Both options are free to set up through the major credit bureaus. As a result, taking this step can significantly reduce the chances that someone else successfully opens accounts using your stolen information.

Watch for Signs of Medical Identity Theft

Because health information may have been involved, affected individuals should carefully review any insurance statements or medical bills. If you notice unfamiliar charges or services you never received, this could indicate medical identity theft. Reporting these issues quickly to your insurer can help limit the damage.

In addition, requesting a copy of your medical records periodically can help confirm that no unauthorized treatments or prescriptions have been added to your file. This is an often-overlooked step, but it becomes especially important after a healthcare-related data breach.

Stay Alert to Phishing Attempts

After a breach like this, scammers often use stolen information to craft convincing phishing emails or phone calls. Therefore, be cautious of any unexpected messages claiming to be from Navvis, healthcare providers, or financial institutions. Never click on suspicious links or provide personal details to unverified senders.

Instead, verify any communication by contacting the organization directly through official channels. This simple habit can prevent scammers from gaining further access to your personal or financial information.



More Information

Official data breach notification from Hawaii Office of Consumer Protection

Official data breach notification from Delaware Attorney General

Official data breach notification from Oregon Department of Justice

Related Data Breaches