TriZetto Data Breach: 3.4M Patients’ Health Data Exposed | Cognizant
A data breach at TriZetto Provider Solutions, a healthcare IT firm owned by Cognizant, has exposed the protected health information of over 3.4 million individuals. The breach, impacting patients of healthcare providers who use TriZetto’s services, involved records related to insurance eligibility verification transactions. This incident underscores the ongoing challenges of securing sensitive data within the complex ecosystem of healthcare billing and revenue management.
The Timeline of Exposure
TriZetto detected suspicious activity within a web portal on October 2, 2025, initiating an investigation with the assistance of cybersecurity specialists. However, the unauthorized access actually began much earlier, in November 2024, remaining undetected for nearly a year. The portal is used by healthcare providers to access TriZetto’s systems and confirm patient insurance coverage before treatment. Affected providers were initially alerted on December 9, 2025, with broader customer notification beginning in early February 2026. A filing with the Maine Attorney General indicates the total number of individuals affected is 3,433,965.
What Data Was Compromised?
The types of data exposed varied for each individual, but potentially included full names, physical addresses, dates of birth, Social Security numbers, health insurance member numbers (and, for some, Medicare beneficiary identifiers), provider names, health insurer names, and other demographic, health, and insurance information. Crucially, TriZetto has stated that payment card, bank account, or other financial information was not exposed. The compromised data relates specifically to the insurance verification process, a critical but often overlooked component of healthcare data security.
How Insurance Verification Works – and Why It’s a Target
Insurance eligibility verification is a routine process. When a patient seeks care, healthcare providers need to confirm that the patient has active insurance coverage and understand the details of their plan – copays, deductibles, covered services, etc. This is typically done through electronic transactions with insurance companies or, in some cases, through intermediaries like TriZetto. These transactions often involve sending Protected Health Information (PHI) to verify coverage. As these transactions are frequent and often handled by third-party vendors, they can represent a vulnerable point in the healthcare data security chain. The data involved, while not directly financial, is valuable to attackers for identity theft, fraud, and potentially for targeted phishing campaigns.
TriZetto and Cognizant: A History of Security Concerns
TriZetto has operated as part of Cognizant since 2014. This breach isn’t the first security incident to touch the companies. In 2020, Cognizant was reportedly the target of a Maze ransomware attack. More recently, in June 2025, Clorox sued Cognizant, alleging negligence allowed the Scattered Spider hacking group access to its network through a social engineering attack in September 2023. BleepingComputer reported on the Clorox lawsuit, highlighting the potential for vulnerabilities in vendor help desk procedures. These prior incidents raise questions about the overall security posture of both organizations and the effectiveness of their security investments.
Mitigation and Response
TriZetto says it has taken steps to strengthen cybersecurity on its systems and has informed law enforcement. The company is offering affected individuals 12 months of free credit monitoring and identity protection services through Kroll. Kroll’s website provides details about the incident and the services being offered. While credit monitoring can help detect misuse of personal information, it’s not a foolproof solution. Individuals should also consider placing fraud alerts on their credit files and reviewing their insurance statements for any suspicious activity.
The Broader Impact on Healthcare Providers
The breach doesn’t just affect patients directly; it also impacts the healthcare providers who rely on TriZetto’s services. These providers are now responsible for notifying their patients about the breach and assisting them with protective measures. The Oregon Attorney General’s website indicates that many of the affected healthcare providers are community health centers and organizations serving vulnerable populations, potentially compounding the impact of the breach. HIPAA Guide details the scale of the impact across numerous healthcare providers.
What Comes Next: Investigation and Potential Legal Action
The incident is currently under investigation. It’s unclear whether the attackers have been identified or whether any data has been leaked on underground forums. The lack of immediate reports of data leaks doesn’t necessarily signify the data isn’t being used maliciously; it could simply mean the attackers are being discreet. Several law firms are investigating potential class action lawsuits against TriZetto, alleging negligence and failure to adequately protect patient data. The outcome of these investigations and potential legal actions will likely shape future data security practices within the healthcare industry.
BleepingComputer reached out to TriZetto for further information regarding the breach and the delay in consumer notifications, but had not received a response at the time of publication.