Health tech giant TriZetto has officially confirmed a significant cyberattack that resulted in the theft of personal and health information belonging to more than 3.4 million individuals. The breach, which occurred in 2024, went undetected by the company for an alarming period of almost a year, raising serious questions about its cybersecurity protocols and monitoring capabilities.
TriZetto, a pivotal player in the healthcare technology sector, is owned by the multinational conglomerate Cognizant. Its extensive reach underscores the gravity of this security incident. According to its official website, TriZetto serves an immense network of approximately 200 million people across 875,000 healthcare providers throughout the United States. The company’s core function involves providing essential backend services to healthcare providers, enabling them to efficiently assess patients’ insurance eligibility for medical treatments and streamline other critical administrative processes. This deep integration into the U.S. healthcare system means that a security compromise at TriZetto has far-reaching implications, extending beyond the immediate individuals whose data was stolen to impact the broader operational integrity of numerous medical practices and facilities.
The details of the breach were brought to light through a filing with Maine’s attorney general on Friday, revealing the scope and nature of the compromised data. In this official disclosure, TriZetto stated that hackers successfully exfiltrated patients’ insurance eligibility transaction reports from the company’s servers. These reports, while seemingly administrative, contain a treasure trove of highly sensitive information, making them prime targets for malicious actors.
The stolen data encompasses a wide array of personal identifiers that could be exploited for various forms of fraud and identity theft. This includes patients’ full names, precise dates of birth, current home addresses, and, critically, Social Security numbers. The compromise of Social Security numbers is particularly concerning, as it provides criminals with a key piece of information needed to open fraudulent accounts, file false tax returns, or engage in other severe forms of identity theft that can have devastating long-term financial consequences for victims.
Beyond personal identifiers, the breach also exposed comprehensive healthcare-related information. This sensitive data includes the name of the patient’s healthcare provider, various demographic details, and specific health and insurance information. Such data, when combined with personal identifiers, can be used for medical identity theft, where criminals seek medical services under another person’s name, leading to false claims, erroneous medical records, and significant administrative and financial burdens for the true patient. The detailed nature of the compromised information amplifies the potential for harm, making individuals vulnerable to targeted phishing schemes, financial exploitation, and severe privacy violations.
One of the most troubling aspects of the TriZetto breach is the timeline of its detection. The company stated that it only identified the breach on October 2, 2025. However, a subsequent investigation revealed that the hackers had illicit access to its systems much earlier, extending as far back as November 2024. This nearly year-long gap between the initial compromise and its discovery highlights a significant failure in TriZetto’s cybersecurity monitoring and incident response capabilities. An extended period of undetected access allows cybercriminals ample time to exfiltrate vast quantities of data, explore system vulnerabilities, and potentially embed persistent access mechanisms, making remediation efforts far more complex and costly. The delay in detection also means that millions of individuals were unknowingly at risk for an extended period, without any opportunity to take protective measures.
A spokesperson for Cognizant, TriZetto’s parent company, did not immediately respond to requests for comment regarding the breach, including inquiries about the considerable delay in detecting the intrusion. This lack of immediate transparency from the conglomerate adds to the concerns surrounding the incident, particularly given the critical nature of the data involved and the extensive network of healthcare providers and patients affected.
Several healthcare organizations have already come forward to confirm that their patients’ information was indeed compromised as a direct result of the cyberattack on TriZetto. Among these is OCHIN, a prominent nonprofit consultancy firm. OCHIN plays a crucial role in the healthcare landscape by providing essential healthcare technology services to approximately 300 rural and community care providers across the United States. The breach affecting OCHIN’s network through TriZetto demonstrates the interconnectedness of the healthcare IT ecosystem and how a single point of failure can trigger a widespread ripple effect, impacting vulnerable populations in remote and underserved areas. In addition to OCHIN, other healthcare providers situated across California have also confirmed that their patient data was compromised, further illustrating the broad geographic scope of the incident.
While the breach is substantial, TriZetto has stated that not every customer was affected by the cyberattack. Nevertheless, the sheer volume of compromised records—exceeding 3.4 million—places this incident among the most significant data breaches to impact the healthcare sector in recent years, underscoring the persistent and escalating threat cybercriminals pose to sensitive health information.
TriZetto’s breach is not an isolated incident but rather the latest in a troubling series of cyberattacks targeting major health tech companies. The healthcare industry, with its vast repositories of highly valuable personal and medical data, has become a prime target for sophisticated cybercriminals, including ransomware groups and state-sponsored actors.
A stark parallel can be drawn to the ransomware attack that crippled Change Healthcare in 2024. Change Healthcare, another behemoth in health technology, is responsible for processing a staggering 15 billion healthcare transactions annually, making it an indispensable part of the nation’s medical infrastructure. The ransomware attack on Change Healthcare allowed hackers to steal over 192 million patient files, a number even larger than TriZetto’s breach, impacting a substantial portion of the American population. The fallout from the Change Healthcare cyberattack was immediate and severe, sparking widespread outages across the U.S. healthcare system. These disruptions left countless individuals without access to crucial medical treatments, delayed medication prescriptions, and caused immense financial and operational turmoil for hospitals, pharmacies, and clinics nationwide. The incident underscored the systemic vulnerability of centralized healthcare IT providers and the potential for a single breach to paralyze essential health services, highlighting the critical need for robust cybersecurity measures across the entire healthcare supply chain.
Both the TriZetto and Change Healthcare incidents serve as potent reminders of the catastrophic consequences when the digital foundations of healthcare are compromised, jeopardizing patient privacy, financial security, and access to vital medical care. These breaches not only expose individuals to identity theft and fraud but also erode public trust in the institutions responsible for safeguarding their most sensitive information.
About the Author
Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security. He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at [email protected].