TriZetto Provider Solutions Reports Data Breach Impacting Healthcare Clients
Post Summary
TriZetto Provider Solutions, a company owned by Cognizant that provides revenue management services to the healthcare industry, has disclosed a data breach affecting some of its healthcare provider clients. The breach involved unauthorized access to sensitive patient information over a period of nearly a year.
Incident Overview
On October 2, 2025, TriZetto identified suspicious activity within a web portal used by healthcare providers to access its systems. The company responded immediately by securing the portal and initiating an investigation with the help of the cybersecurity firm Mandiant. TriZetto has stated that the "threat actor has been eradicated from its system" and confirmed that no further unauthorized access has been detected since the initial breach was discovered.
However, a forensic investigation revealed that the unauthorized access began as early as November 2024. During that period, the threat actor gained access to historical eligibility transaction reports stored on TriZetto’s systems. These reports contained sensitive protected health information (PHI) related to patients served by certain healthcare providers.
Compromised Data
The investigation, which concluded at the end of November 2025, determined that the breach exposed various types of personal and health-related information. This included patients' and primary insureds' names, addresses, dates of birth, Social Security numbers, health insurance member numbers (including Medicare beneficiary numbers in some cases), health insurer names, and demographic health and insurance details. TriZetto emphasized that no financial information was involved in this incident.
Notifications and Response Measures
TriZetto has notified the affected healthcare providers and shared details about the compromised data and the individuals impacted. Under the HIPAA Breach Notification Rule, affected individuals must be informed within 60 days of a HIPAA-covered entity being made aware of the data breach. TriZetto has offered to assist its healthcare clients by handling these individual notifications, as well as reporting the incident to the Department of Health and Human Services’ Office for Civil Rights, state regulators, and media outlets.
Additionally, TriZetto has pledged to cover the costs of complimentary credit monitoring, fraud consultation, and identity theft restoration services for affected individuals.
Breach Scale Unclear
While the exact number of impacted healthcare provider clients and individuals remains unknown, the company has acknowledged that the breach spanned an 11-month period. This duration suggests the potential for a significant number of records to have been compromised.
TriZetto continues to work closely with its healthcare clients to manage the fallout from this incident. Further updates from the company are expected as more details become available.
