Navvis and SSM Health, two healthcare providers which offer services in Illinois, Wisconsin, Oklahoma, and Missouri, have agreed to a $6.5 million class action settlement following a ransomware attack that exposed sensitive patient information across multiple states. The breach impacted individuals receiving care through the two organizations. According to the lawsuit, the breach could have been avoided with “reasonable cybersecurity measures” - a claim that resonates with the growing concern over inadequate defenses in healthcare environments.

The financial fallout is a powerful reminder that the true cost of weak security extends beyond technical remediation. Affected patients are eligible for reimbursement of up to $5,000 for identity theft and fraud-related losses, plus two years of credit monitoring. These remediation efforts, while necessary, are reactionary and expensive, both in terms of dollars and brand reputation.

This incident serves as yet another wake-up call for healthcare providers and partners. Cybercriminals continue to target the healthcare sector for its high-value data and inconsistent security practices. The only effective response is proactive by ensuring 100% situational awareness into your infrastructure to continuously assess risk. For companies like Navvis and SSM Health, an upfront investment in cybersecurity is a fraction of the cost of a breach - both financially and in patient trust. Read more about this story on our LinkedIn page