Tris Pharma Data Breach Involving Unauthorized Network Access
Tris Pharma experienced a data breach after detecting unauthorized activity on its network between September 24 and September 25, 2025. The breach, discovered on September 24, involved an unknown threat actor accessing specific systems, potentially exposing personal information such as names and other sensitive identifiers. The company has stated there is no current evidence of fraud or identity theft, but the investigation is ongoing, and law enforcement and regulators have been notified to mitigate further risks.
The exposure of personal identifiers raises concerns about possible identity theft or targeted phishing attacks, as similar incidents in the pharmaceutical sector have led to such outcomes. Tris Pharma has not confirmed any misuse of the compromised data but is taking steps to address the incident and protect affected individuals. Customers and individuals associated with Tris Pharma are advised to remain vigilant for potential social engineering scams or financial fraud attempts resulting from this breach.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
UpGuard reports a data breach involving Tris Pharma
UpGuard published a report stating that a data breach was reported for Tris Pharma. The provided references do not include additional details on the incident's timing, scope, or impact beyond the existence of the report.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
TriZetto Provider Solutions Notifies Patients of Data Breach Exposure
TriZetto Provider Solutions sent breach notification letters warning affected individuals that their personal information may have been exposed in a security incident, and offered identity monitoring and fraud support services. The notices say the company had not found evidence of identity theft or fraud tied to the incident at the time of mailing, but urged recipients to closely monitor account statements, review credit reports, and report suspicious activity to their financial institutions. The notification materials also outline consumer protection steps available to impacted people, including placing fraud alerts, requesting security freezes, and obtaining police reports where applicable under state law. TriZetto provided a dedicated assistance line and enrollment instructions for complimentary identity protection services, indicating a broad, regulated breach response affecting patient or consumer data handled through its provider solutions business.
May 27, 2026
Multiple Healthcare Data Breaches Expose Patient Information
Several healthcare organizations in the United States have reported significant data breaches resulting in the exposure of protected health information (PHI) for tens of thousands of patients. TriZetto Provider Solutions, a revenue management service provider, discovered unauthorized access to its web portal dating back to November 2024, with attackers accessing historical eligibility transaction reports containing sensitive patient data such as names, addresses, Social Security numbers, and health insurance details. The breach was detected in October 2025, after which immediate remediation steps were taken, including engaging Mandiant for investigation and securing the affected systems. Other incidents include breaches at Morton Drug Company in Wisconsin, Physicians to Children & Adolescents in Kentucky, the Center for Urologic Care of Berks County in Pennsylvania, North Atlantic States Carpenters Health Benefits Fund in Massachusetts, and Millcreek Pediatrics in Delaware. These breaches involved unauthorized network access and resulted in the exposure of PHI, including names, birth dates, medical record numbers, prescription information, and, in some cases, Social Security numbers. Affected organizations have notified impacted individuals and are offering credit monitoring services where appropriate, while also implementing enhanced security measures to prevent future incidents.
Mar 21, 2026
TriZetto Provider Solutions Data Exfiltration Affecting Healthcare Client Insurance Data
**TriZetto Provider Solutions** (a Cognizant business unit providing revenue cycle management and claims clearinghouse services) is notifying more than **3.4 million individuals** after investigators determined threat actors accessed and exfiltrated healthcare clients’ **insurance-related data**. The activity reportedly began in **November 2024** but was not detected until **October 2025**, indicating a prolonged period of unauthorized access before discovery. The incident was reported to the U.S. Department of Health and Human Services via the **HIPAA Breach Reporting Tool** as impacting approximately **3.43 million** people, while TriZetto has not publicly specified how many healthcare customers were affected. Multiple healthcare organizations have publicly stated they were impacted and have issued their own patient notifications, underscoring downstream exposure risk for providers relying on TriZetto’s billing and claims processing services.
Mar 21, 2026