Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast

Navia Benefit Solutions announces breach impacting nearly 3 million

In this episode, we break down recent healthcare cybersecurity incidents including the Navia benefits administrator breach affecting nearly three million individuals, ransomware attacks on Kettering Health and a US healthcare provider, and the Essen Medical Associates settlement. We examine common vulnerabilities across these cases—from inadequate privileged access monitoring to untested incident response plans—and discuss actionable steps organizations can take to strengthen their security posture. The key takeaway: most breaches stem from addressable gaps, and consistent attention to fundamentals remains the most effective defense.
SPEAKER_01

Another week, another round of breach notifications in our inboxes. How are you holding up, Jen?

SPEAKER_00

Oh, you know, reading about nearly three million people's data exposed before my first coffee. Living the dream.

SPEAKER_01

That's the Navia story, right? The benefits administrator?

SPEAKER_00

Yeah. Three weeks.

SPEAKER_01

The attackers had access for three weeks before anyone noticed. And Navia works with over 10,000 employers. So this isn't just one organization's problem.

SPEAKER_00

Exactly. And here's the thing: no financial data was taken, but names, social security numbers, dates of birth, that's plenty for phishing campaigns. Or identity theft. Or both.

SPEAKER_01

The takeaway here for administrators?

SPEAKER_00

Know your vendors. Really know them. What's their detection capability? How fast can they spot unauthorized access? Because their blind spots become your blind spots.

SPEAKER_01

Speaking of access, there's this Iran-linked group, Pay2Key, that hit a US healthcare provider.

SPEAKER_00

Right. And the entry point? A compromised admin account. They sat in there for days before deploying ransomware. Days. Days. And this wasn't some sophisticated zero-day exploit. It was a privileged account that wasn't being monitored properly.

SPEAKER_01

So the fix isn't exotic. It's fundamentals.

SPEAKER_00

Privileged access management.

SPEAKER_01

Let's talk about Kettering Health. 44 lawsuits after a ransomware attack delayed patient care.

SPEAKER_00

The Interlock group claimed they exfiltrated almost a terabyte of data before encrypting systems. And when the ransom wasn't paid, they followed through.

SPEAKER_01

These lawsuits allege patients were actually harmed by delays in treatment.

SPEAKER_00

Which is the nightmare scenario, right? It's not just about data anymore. It's about care delivery, about someone not getting their medication on time, or their surgery postponed.

SPEAKER_01

What should health systems be thinking about here?

SPEAKER_00

Resilience. Can you maintain operations during an attack? Do you have offline workflows? Have you actually tested your incident response plan? Or is it just a PDF somewhere?

SPEAKER_01

And then there's Open Loop, telehealth platform. A lone threat actor claims to have data from over 3 million people.

SPEAKER_00

And reportedly, Open Loop paid him to take down the listing.

SPEAKER_01

Does that work?

SPEAKER_00

I mean, does it ever? You're trusting a criminal to honor a deal, and you've just signaled to every other threat actor that you'll pay. So what's the better path? Invest in prevention, detection. Have a real plan before you're negotiating with someone who calls himself stuck in 2019.

SPEAKER_01

We should mention Essen Medical Associates. $4 million settlement after their 2023 breach.

SPEAKER_00

Nearly a million individuals affected. The lawsuit alleged negligence. And now there's a settlement fund, class representatives getting service awards. It's expensive.

SPEAKER_01

The cost of a breach isn't just the breach.

SPEAKER_00

It's the litigation, the remediation, the reputation hit, the settlement. It compounds.

SPEAKER_01

So when we look at all of this together, Navia, Pay2Key, Kettering, Open Loop, Essen, what's the thread?

SPEAKER_00

None of this is bad luck. It's bad configurations, blind spots, gaps that were probably fixable before the attack happened.

SPEAKER_01

Privileged accounts without proper monitoring, vendors without adequate detection, incident response plans that weren't tested.

SPEAKER_00

And the good news, if we can call it that, is that most of this is addressable. It's not about buying some magic solution. It's about doing the fundamentals consistently.

SPEAKER_01

Which is easier said than done, but still within reach.

SPEAKER_00

It is. And honestly, that should be motivating, not depressing.

SPEAKER_01

On that almost optimistic note, thanks for listening, everyone.

SPEAKER_00

Stay patched, stay vigilant, and maybe audit those admin accounts this week. See you next time.