
TriZetto breach exposes health data of 3,433,965 patients, vendors scramble

TriZetto Provider Solutions disclosed unauthorized access to a client web portal that exposed PHI and PII for 3,433,965 people; affected patients are being offered 12 months of Kroll monitoring.

Lisa Park
Source: www.classaction.org

TriZetto Provider Solutions, the healthcare IT and revenue-management unit owned by Cognizant Technology Solutions, disclosed a web-portal breach that exposed protected health information and personally identifiable information for 3,433,965 people, a figure cited in a Maine Attorney General filing and reported by BleepingComputer. The unauthorized access began in November 2024 and continued until TriZetto discovered suspicious activity on October 2, 2025, the company and client notices show.

The breach centered on portals used by provider clients to check insurance eligibility. Investigators found that threat actors viewed historical eligibility transaction reports and records used to confirm a patient’s insurance coverage before treatment, material that included names, addresses, birthdates, Social Security numbers, health insurance member numbers and, in some cases, Medicare beneficiary identifiers. Censinet summarized the probe: "The investigation, which concluded at the end of November 2025, determined that the breach exposed various types of personal and health-related information."

TriZetto and downstream providers stressed that financial account and payment card data were not involved. "TriZetto says that payment card, bank account or financial details were not exposed in this incident," communications cited in reporting said. TriZetto has said it has engaged external cybersecurity experts, strengthened cybersecurity on its systems and informed law enforcement authorities of the incident; it also told reporters it is not aware of any cases where cybercriminals have attempted to misuse the information.

The breach has forced clinics and health centers to undertake heavy notification work and patient outreach. Gardner Health Services published a Q&A that answers, "Q: Was Gardner Health Services hacked? A: NO. Gardner Health Services (GHS) did not have a breach of its system. A business we use to help us with billing services called TriZetto Provider Solutions (TPS) noticed their system was impermissibly accessed." Gardner said TPS informed them on December 9, 2025, and that GHS sent letters to patients whose information was involved. Farmington Valley Dermatology & Surgery, in a notice to patients, said, "This breach occurred only on TriZetto’s systems. Farmington Valley Dermatology’s internal systems and cloud-based electronic health record (EHR) system were not breached and remain secure," and warned patients, "DO NOT include sensitive/personal health information in your message because standard text messaging is not secure."

TriZetto began provider notifications on December 9, 2025 and customer notifications in early February 2026, offering free 12-month credit monitoring and identity protection through Kroll; notification letters include a unique code and enrollment instructions. The staggered timeline, with access beginning in November 2024 and public reporting in March 2026, underscores how long exposures can persist before the public is informed.

Public-health and equity implications are acute. The exposed records include Medicare identifiers and Social Security numbers tied to vulnerable populations, amplifying risks for identity theft and barriers to care if patients lose trust in how their information is handled. Smaller practices face administrative burdens and reputational harm despite not being directly breached, and patients with limited digital literacy or unstable housing may be least able to benefit from offered identity protections.

Infosecurity further noted a lawsuit alleging that a Cognizant helpdesk staffer reset an employee password without following protocols, an allegation tied in reporting to another costly breach for a corporate client; that claim has not been connected conclusively to the TriZetto incident. The episode highlights the policy gap around oversight of third-party health vendors: states and federal regulators must tighten timelines for disclosure, require baseline cybersecurity controls for vendors handling PHI, and ensure remediation funds and monitoring reach the communities most at risk. The breach is a reminder that patient privacy is only as strong as the weakest vendor that sits between clinicians and care.
