TriZetto Breach Exposes Health Data of 3.4 Million
▼ Summary
– TriZetto, a major health tech company, confirmed a 2024 cyberattack that stole personal and health data of over 3.4 million people.
– The stolen data includes names, Social Security numbers, addresses, and detailed health insurance information.
– The company failed to detect the breach for nearly a year, discovering it in October 2025 despite hacker access dating back to November 2024.
– Several healthcare providers, including nonprofit OCHIN, have confirmed their patients’ information was compromised in the attack.
– This incident follows other major health tech breaches, notably the 2024 ransomware attack on Change Healthcare that affected 192 million patient files.
A significant data breach at the health technology company TriZetto has compromised the sensitive personal and medical information of over 3.4 million individuals. The company, a subsidiary of Cognizant, disclosed that the cyberattack went undetected for nearly a full year, with unauthorized access to its systems beginning in November 2024. TriZetto provides critical insurance eligibility services to approximately 875,000 healthcare providers across the United States, impacting a vast network of patients and doctors.
The breach involved the theft of insurance eligibility transaction reports from the company’s servers. The stolen data is extensive, including highly sensitive details such as patients’ full names, dates of birth, home addresses, and Social Security numbers. Furthermore, the compromised files contained specific healthcare information, including the names of medical providers, demographic data, and comprehensive health and insurance details. This type of information is particularly valuable on illicit markets, posing severe risks of identity theft and medical fraud for the affected individuals.
TriZetto’s internal investigation revealed a troubling timeline. While the company officially identified the security incident on October 2, 2025, forensic analysis later determined that hackers had infiltrated their network as far back as November of the previous year. This extended period of undetected access raises serious questions about the organization’s security monitoring and threat detection capabilities. A spokesperson for parent company Cognizant did not provide an immediate comment regarding the reasons for the year-long delay in discovering the intrusion.
Several healthcare organizations have already confirmed that their patient data was part of the stolen information. One notable affected entity is OCHIN, a nonprofit that supplies technology to around 300 rural and community healthcare providers nationwide. Additional healthcare providers in California have also acknowledged their patients’ information was compromised in the attack. TriZetto has stated that not every one of its customers was impacted by this event.
This incident marks another major cybersecurity failure within the critical healthcare technology sector. It follows the devastating 2024 ransomware attack on Change Healthcare, which resulted in the theft of an estimated 192 million patient records and caused widespread operational outages that disrupted medical care and prescription access for countless Americans. The TriZetto breach underscores the persistent and severe vulnerabilities in systems that manage vast quantities of protected health information, highlighting an urgent need for enhanced security protocols across the industry.
(Source: TechCrunch)
