Cognizant TriZetto Data Breach Exposes 3.4 Million Patients’ Records

TriZetto Provider Solutions, a healthcare IT firm under Cognizant, has disclosed a significant data breach that compromised the sensitive information of more than 3.4 million individuals. The breach, which involved unauthorized access to systems used for insurance eligibility verification, highlights ongoing cybersecurity challenges in the healthcare sector.

The breach was first detected on October 2, 2025, when suspicious activity was identified on a web portal. An investigation, assisted by external cybersecurity experts, revealed that the unauthorized access had begun nearly a year earlier, on November 19, 2024. During this time, threat actors accessed records containing sensitive personal and health-related information.

What Data Was Exposed?

The compromised data varies by individual but includes a range of sensitive information. Among the exposed details are full names, physical addresses, dates of birth, Social Security numbers, health insurance member numbers, Medicare beneficiary identifiers, and demographic, health, and insurance information. Additionally, records linked to provider and insurer names were also accessed.

Notably, TriZetto has confirmed that no payment card or bank account information was exposed. The company has also stated that there is no evidence of the stolen data being misused by cybercriminals at this time. However, the nature of the exposed information poses significant risks of identity theft and fraud.

Timeline of Notifications

Affected healthcare providers were informed of the breach on December 9, 2025. However, individual notifications to impacted patients began only in early February 2026. According to a filing with Maine’s Attorney General, the total number of affected individuals stands at 3,433,965.

To mitigate potential risks, TriZetto is offering affected individuals 12 months of free credit monitoring and identity protection services through Kroll. These services aim to help individuals monitor and safeguard their personal information against potential misuse.

Steps Taken to Address the Breach

In response to the incident, TriZetto has implemented measures to strengthen its cybersecurity defenses. The company has also reported the breach to law enforcement authorities and is cooperating with ongoing investigations. Despite these efforts, questions remain about the delay in notifying affected individuals and the overall security posture of the organization.

As of now, no ransomware groups have claimed responsibility for the breach, and there is no evidence of the stolen data being listed on underground forums. However, the incident underscores the persistent threat of cyberattacks targeting the healthcare industry, which often handles vast amounts of sensitive personal data.

Broader Implications for Healthcare Cybersecurity

This breach is a stark reminder of the vulnerabilities within healthcare IT systems. With the healthcare sector increasingly relying on digital platforms for operations, the need for robust cybersecurity measures has never been more critical. Incidents like this not only jeopardize patient trust but also expose organizations to regulatory scrutiny and potential legal action.

Healthcare providers and IT firms must prioritize proactive measures, including regular security audits, employee training, and advanced threat detection systems, to mitigate the risk of similar breaches in the future. Additionally, timely disclosure and transparent communication are essential to maintaining trust and minimizing the impact on affected individuals.