Prince George's County Warns Patients After TriZetto Vendor Data Breach

Prince George's County quietly posted an alert on its News & Events page last week warning that a vendor security incident had compromised some patients' protected health information, naming the affected vendor as TriZetto in the notice title and directing residents to learn more through the county's website.

The vendor at the center of the breach is TriZetto Provider Solutions, known as TPS, a company that handles insurance claims processing and related administrative services. Midwest Dermatology, another TPS client, described the company's role in its own notification to patients, explaining that TPS "experienced a security incident that may have involved certain patients' protected health information."

The county's notice, published March 13, 2026, states plainly: "One of our vendors was impacted by a security incident, which affected some of our patients' or their primary insured's protected health information." The county did not specify how many patients were affected, which categories of health data were exposed, or when the incident originally occurred.

TPS engaged Kroll, LLC, a third-party risk advisory firm, to handle notification services and host a substitute notice webpage with additional details about the incident. Kroll was set to begin mailing notices to potentially affected individuals on or around February 6, 2026, more than five weeks before Prince George's County published its public notice. It is not clear from available information whether the county was notified earlier and chose to post on March 13, or whether it received its own notification closer to that date.

The sources reviewed do not indicate whether TPS, the county, or Kroll is offering credit monitoring or identity protection services to affected individuals, nor whether the incident has been reported to federal regulators at the Department of Health and Human Services Office for Civil Rights or to the Maryland Attorney General. The method of the breach, whether ransomware, unauthorized access, or another vector, has not been disclosed publicly.

Patients who receive county health services and believe their information may have been involved should monitor any mailed notices from Kroll and check the county's News & Events page for updated guidance.