TriZetto confirms more than 3.4 million patient records stolen after yearlong intrusion

TriZetto says hackers took insurance eligibility reports and PII on 3.4M+ people; the breach went undetected from Nov 2024 until Oct 2, 2025, raising third‑party risk alarms.

Sarah Chen
TriZetto, the Cognizant‑owned health‑technology vendor that sits deep in the plumbing of U.S. healthcare, confirmed that hackers stole personal and health‑related information belonging to more than 3.4 million people in a cyberattack that went undetected for nearly a year. In a filing with Maine’s attorney general, the company said attackers exfiltrated patients’ insurance eligibility transaction reports from its servers and took names, dates of birth, postal addresses, Social Security numbers, provider names, demographic fields, plan identifiers and other insurance and health details.

TriZetto said it identified the intrusion on Oct. 2, 2025 but later discovered that unauthorized access dated back as far as November 2024. The company told regulators that not every TriZetto customer was affected; some providers, including nonprofit technology partner OCHIN, confirmed their patients’ information had been compromised. OCHIN serves roughly 300 rural and community care providers, underscoring the breach’s potential reach into smaller clinics that rely on third‑party vendors.

Cognizant, TriZetto’s parent, said in a statement that it had “eliminated the threat” to its environment, but a company spokesperson would not explain why the intrusion went undetected for almost a year. Other requests for comment, according to reporting, were not answered. On social media, industry observers reacted with alarm: “A year inside the system before anyone noticed is wild. Detection speed clearly matters more than perimeter security,” one commenter wrote on LinkedIn.

The files targeted are part of the ubiquitous 270/271 eligibility process used to verify patients’ insurance coverage before care and billing. Security and policy analysts say that combination of personally identifiable information and insurance identifiers can be especially valuable to fraudsters. “That mix is potent for identity theft and medical fraud, enabling criminals to open lines of credit, file false claims, or socially engineer patients and clinics with convincing specificity,” Pam Belluck wrote in an analysis of the incident.

The breach adds to a pattern of large-scale attacks on core health‑tech vendors. In 2024 a ransomware attack on Change Healthcare — a clearinghouse that processes billions of transactions — resulted in the theft of millions of patient records and widespread disruption to prescriptions, claims and revenue cycles nationwide. TriZetto says it serves around 200 million people through roughly 875,000 healthcare providers across the United States, a scale that makes any vendor compromise a high‑stakes contagion risk for the health system.

Market and regulatory implications are immediate. Providers that outsource eligibility, claims and other administrative functions depend on vendor uptime and data integrity; failures can interrupt care operations, slow revenue cycles, and expose providers to liability and remediation costs. State attorneys general and federal regulators including the Department of Health and Human Services’ Office for Civil Rights have in recent years prioritized vendor oversight, and a multistate response or OCR inquiry would be consistent with precedent following major health‑sector breaches.

Key questions remain unanswered: which TriZetto customers were affected in total and by geography, whether affected individuals have been notified and offered remediation such as credit monitoring, the technical means the attackers used to gain and maintain access, and whether the stolen data has been posted or sold. TriZetto’s Maine filing provides the core details released so far; investigators, impacted providers and regulators will need to disclose further specifics to quantify harm and shape policy responses to persistent third‑party risk in health care.
