TriZetto Provider Solutions Data Exfiltration Affecting Healthcare Client Insurance Data
TriZetto Provider Solutions (a Cognizant business unit providing revenue cycle management and claims clearinghouse services) is notifying more than 3.4 million individuals after investigators determined threat actors accessed and exfiltrated healthcare clients’ insurance-related data. The activity reportedly began in November 2024 but was not detected until October 2025, indicating a prolonged period of unauthorized access before discovery.
The incident was reported to the U.S. Department of Health and Human Services via the HIPAA Breach Reporting Tool as impacting approximately 3.43 million people, while TriZetto has not publicly specified how many healthcare customers were affected. Multiple healthcare organizations have publicly stated they were impacted and have issued their own patient notifications, underscoring downstream exposure risk for providers relying on TriZetto’s billing and claims processing services.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Class action lawsuits follow breach disclosures
By early March 2026, TriZetto and parent company Cognizant were facing nearly two dozen proposed federal class action lawsuits over the breach. The suits allege negligence and seek damages and security improvements.
TriZetto begins notifying affected individuals
TriZetto started consumer notifications in early February 2026, offering 12 months of Kroll credit monitoring and identity protection. Notices said exposed data could include personal identifiers, insurance details, and some health information.
TriZetto files HIPAA and Maine breach notices
On February 6, 2026, TriZetto reported the incident to the U.S. HHS HIPAA Breach Reporting Tool and filed notice with the Maine Attorney General. The filings said 3,433,965 individuals were affected, including 1,128 Maine residents.
TriZetto notifies affected healthcare providers
TriZetto alerted providers about the breach on December 9, 2025, after investigating the incident. Multiple healthcare organizations later disclosed that their patients' information was affected.
TriZetto detects suspicious activity in client web portal
TriZetto said it discovered suspicious activity in a web portal used by some healthcare clients on October 2, 2025. The discovery led to an investigation into a long-running data exfiltration incident.
Attackers begin accessing TriZetto transaction records
Investigators determined unauthorized access to TriZetto insurance eligibility verification transaction records began in November 2024, with one report specifying November 19, 2024. The access affected data used by healthcare providers to verify patient insurance coverage.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Cognizant TriZetto Data Breach Exposes Health Information of 3.4 Million Patients
cybersecuritynews.com
Open sourceTriZetto confirms 3.4M people's health and personal data was stolen during breach | TechCrunch
techcrunch.com
Open sourceCognizant TriZetto breach exposes health data of 3.4 million patients
bleepingcomputer.com
Open sourceTrizetto Notifying 3.4M of 2024 Hack Detected in 2025
govinfosecurity.com
Open sourceTrizetto Notifying 3.4M of 2024 Hack Detected in 2025
bankinfosecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Third-Party Healthcare and Benefits Service Provider Breaches Expand to Millions of Victims
Health insurance technology provider **TriZetto Provider Solutions** (a Cognizant subsidiary) updated breach notifications indicating the impact of its **November 2024** intrusion has grown to **more than 3.4 million** affected individuals. Disclosures to state regulators and downstream notifications from county governments and healthcare providers indicate theft of sensitive personal data including **addresses, Social Security numbers, and health insurance identifiers**, with some jurisdictions reporting hundreds of thousands of impacted residents. Separately, the **Conduent** incident has expanded dramatically in public filings, with reported totals rising from roughly **10.5 million** to **more than 25 million** affected individuals across the US, including a major increase in **Texas** (reported at **15.4 million**) while **Oregon** remains around **10.5 million**. Reporting indicates attackers maintained access for roughly **three months** and exfiltrated about **8 TB** of data, underscoring the systemic risk posed by large, behind-the-scenes vendors that support **Medicaid/SNAP and other state benefit programs**, healthcare-related processing, and major employer services—creating a wide “blast radius” even for individuals unfamiliar with the vendor name.
Mar 21, 2026
Large US Healthcare Data Breaches Impacting Millions of Patients
Multiple healthcare-sector data breaches were disclosed with significant exposure of **protected health information (PHI)**. TriZetto Provider Solutions (TPS), an insurance verification provider, reported a compromise that began in **November 2024** and was not detected until nearly a year later; the threat was reportedly eradicated on **Oct. 2, 2025**. Notifications to affected healthcare provider customers across several states continued into late 2025 and early 2026, with one Oregon advisory estimating exposure affecting **more than 700,000 people**; impacted providers stated there was no current evidence of misuse and that **financial details were not stolen**. Separately, Healthcare Interactive (*HCIactive*), an AI-powered insurance enrollment and benefits administration vendor, confirmed that an intrusion and data exfiltration tied to activity in mid-2025 ultimately affected **3,056,950 individuals**, after earlier placeholder reporting while scope was still being determined; reported unauthorized access windows vary from **July 8–12, 2025** to a broader **June 17–July 22, 2025**. Another incident involved AI care-coordination platform *Lena Health*, where a threat actor claimed exposure of patient data (including references to a **Twilio call recording database**) and alleged that **2,134 patients’ PHI** was stored in an unencrypted export in a public-facing **AWS S3 bucket**, with follow-on reporting indicating exploitation after a publicly disclosed vulnerability and an available patch that was not applied in time.
Mar 21, 2026
Multiple Healthcare Data Breaches Expose Patient Information
Several healthcare organizations in the United States have reported significant data breaches resulting in the exposure of protected health information (PHI) for tens of thousands of patients. TriZetto Provider Solutions, a revenue management service provider, discovered unauthorized access to its web portal dating back to November 2024, with attackers accessing historical eligibility transaction reports containing sensitive patient data such as names, addresses, Social Security numbers, and health insurance details. The breach was detected in October 2025, after which immediate remediation steps were taken, including engaging Mandiant for investigation and securing the affected systems. Other incidents include breaches at Morton Drug Company in Wisconsin, Physicians to Children & Adolescents in Kentucky, the Center for Urologic Care of Berks County in Pennsylvania, North Atlantic States Carpenters Health Benefits Fund in Massachusetts, and Millcreek Pediatrics in Delaware. These breaches involved unauthorized network access and resulted in the exposure of PHI, including names, birth dates, medical record numbers, prescription information, and, in some cases, Social Security numbers. Affected organizations have notified impacted individuals and are offering credit monitoring services where appropriate, while also implementing enhanced security measures to prevent future incidents.
Mar 21, 2026