Healthcare Sector Data Breach Disclosures Expand Victim Counts Across Multiple Incidents
Multiple healthcare-related breach disclosures expanded significantly, led by TriZetto Provider Solutions reporting to regulators that 3,433,965 people were affected after an attacker used a web portal to access historical eligibility reports containing sensitive data (including SSNs and insurance information). Separately, Conduent Business Services told Wisconsin regulators that its incident now impacts “25 million-plus” people nationwide; the Xerox spinoff had previously reported ~15.5 million affected in Texas, prompting an investigation by Texas AG Ken Paxton, while reporting noted the event is still smaller than the largest U.S. health-data breach on record.
Reporting on the Change Healthcare ransomware incident reiterated that UnitedHealth estimated roughly 190 million people were affected, with congressional testimony attributing initial access to a Citrix remote access portal lacking MFA, followed by data theft and ransomware deployment; reporting also cited a $22 million ransom payment. In the Asia-Pacific region, a separate healthcare privacy incident involving New Zealand’s ManageMyHealth patient portal was cited as exposing data from ~120,000 people, and was used to underscore governance, access control, and third-party oversight gaps as recurring drivers of healthcare-sector exposure.
Related Entities
Sources
Related Stories
Third-Party Healthcare and Benefits Service Provider Breaches Expand to Millions of Victims
Health insurance technology provider **TriZetto Provider Solutions** (a Cognizant subsidiary) updated breach notifications indicating the impact of its **November 2024** intrusion has grown to **more than 3.4 million** affected individuals. Disclosures to state regulators and downstream notifications from county governments and healthcare providers indicate theft of sensitive personal data including **addresses, Social Security numbers, and health insurance identifiers**, with some jurisdictions reporting hundreds of thousands of impacted residents. Separately, the **Conduent** incident has expanded dramatically in public filings, with reported totals rising from roughly **10.5 million** to **more than 25 million** affected individuals across the US, including a major increase in **Texas** (reported at **15.4 million**) while **Oregon** remains around **10.5 million**. Reporting indicates attackers maintained access for roughly **three months** and exfiltrated about **8 TB** of data, underscoring the systemic risk posed by large, behind-the-scenes vendors that support **Medicaid/SNAP and other state benefit programs**, healthcare-related processing, and major employer services—creating a wide “blast radius” even for individuals unfamiliar with the vendor name.
2 weeks ago
Large US Healthcare Data Breaches Impacting Millions of Patients
Multiple healthcare-sector data breaches were disclosed with significant exposure of **protected health information (PHI)**. TriZetto Provider Solutions (TPS), an insurance verification provider, reported a compromise that began in **November 2024** and was not detected until nearly a year later; the threat was reportedly eradicated on **Oct. 2, 2025**. Notifications to affected healthcare provider customers across several states continued into late 2025 and early 2026, with one Oregon advisory estimating exposure affecting **more than 700,000 people**; impacted providers stated there was no current evidence of misuse and that **financial details were not stolen**. Separately, Healthcare Interactive (*HCIactive*), an AI-powered insurance enrollment and benefits administration vendor, confirmed that an intrusion and data exfiltration tied to activity in mid-2025 ultimately affected **3,056,950 individuals**, after earlier placeholder reporting while scope was still being determined; reported unauthorized access windows vary from **July 8–12, 2025** to a broader **June 17–July 22, 2025**. Another incident involved AI care-coordination platform *Lena Health*, where a threat actor claimed exposure of patient data (including references to a **Twilio call recording database**) and alleged that **2,134 patients’ PHI** was stored in an unencrypted export in a public-facing **AWS S3 bucket**, with follow-on reporting indicating exploitation after a publicly disclosed vulnerability and an available patch that was not applied in time.
1 months ago
Healthcare Provider Data Breaches and Ransomware-Linked Patient Data Exposure
Multiple U.S. healthcare organizations reported **unauthorized network access and patient data exposure**, with several incidents involving confirmed **data exfiltration** and follow-on notification/credit-monitoring actions. **QualDerm Partners** disclosed unauthorized access between **Dec. 23–24, 2025** with files exfiltrated and notifications being sent on a rolling basis, while **Carolina Foot & Ankle Associates** reported a **Dec. 2025** intrusion detected after a network disruption and confirmed exfiltration of files containing PHI (e.g., demographics, MRNs, insurance data, and treatment/billing codes). Additional breach disclosures included **Cedar Point Health** (intrusion detected around **June 16, 2025**, with a months-long data review concluding in late Jan. 2026 and impacted data potentially including SSNs/ITINs and government IDs) alongside separate notifications from **Wee Care Pediatrics** and **Easterseals Northeast Indiana**. Legal and regulatory consequences continued to surface from earlier healthcare incidents. **Asheville Eye Associates** agreed to settle consolidated class-action litigation tied to a **Nov. 2024** attack claimed by **DragonForce ransomware**, which allegedly exfiltrated **~540 GB** before encrypting systems and later leaked data when ransom was not paid; the breach was reported to HHS OCR as affecting **204,984** individuals. Sector-wide reporting also indicated **46** large healthcare breaches logged for **Jan. 2026** on the HHS OCR portal (500+ individuals), exposing **~1.44 million** individuals’ PHI, amid discussion that late-2025 reporting backlogs may have influenced recent month-to-month trends.
2 weeks ago