TriZetto Breach Exposes 3.4 Million Healthcare Records

TriZetto Provider Solutions, a healthcare IT subsidiary of Cognizant Technology Solutions, has confirmed that attackers accessed personal and health information belonging to more than 3.4 million patients. The breach, which began in November 2024 and wasn't detected until October 2025, ranks among the largest healthcare data exposures disclosed this year.

TechCrunch first reported the company's disclosure this week, following notification letters sent to affected individuals.

What Was Exposed

The compromised data includes highly sensitive protected health information (PHI):

• Full names and addresses
• Dates of birth
• Social Security numbers
• Health insurance member numbers
• Medicare beneficiary identifiers
• Provider and health insurer names
• Primary insured information
• Additional demographic and health insurance details

TriZetto confirmed that payment card numbers, bank account data, and other financial information were not accessed. But the combination of SSNs with healthcare identifiers creates significant identity theft risk—medical identity fraud is notoriously difficult to detect and resolve.

Timeline of Failure

The breach timeline reveals concerning gaps in detection:

Event	Date
Initial unauthorized access	November 2024
Suspicious activity detected	October 2, 2025
Breach scope determined	November 28, 2025
Provider notifications began	December 2025
Public disclosure	March 6, 2026

That's nearly a full year of undetected access—an eternity in cybersecurity terms. Attackers compromised a web portal used by medical practitioners for insurance eligibility verification transactions, giving them sustained access to query patient records.

Healthcare Under Siege

The TriZetto incident joins a concerning pattern of healthcare data breaches in early 2026. We've covered several major incidents, including the Blue Shield California data exposure from a record-merging error and PIH Health's breach notification affecting thousands of patients.

Healthcare organizations remain attractive targets for several reasons. Patient data commands premium prices on dark web markets because it enables multiple fraud types: insurance claims, prescription fraud, and identity theft. Unlike credit card numbers that can be quickly invalidated, medical records contain permanent identifiers that retain value indefinitely.

The sector also faces structural challenges: aging infrastructure, interoperability requirements that complicate security controls, and chronic underfunding of information security programs. Healthcare accounted for 31% of all ransomware attacks in February 2026 according to BlackFog's monthly tracking.

What TriZetto Is Offering

Cognizant has engaged cybersecurity experts to investigate and implement additional safeguards. Affected individuals are being offered 12 months of complimentary identity protection services through Kroll, including:

• Credit monitoring across three bureaus
• Dark web monitoring for exposed data
• Fraud assistance and identity theft recovery
• Up to $1 million in identity fraud loss reimbursement

The company states that no identity theft or fraud linked to this breach has been reported to date. However, given the year-long exposure window, monitoring services represent the minimum reasonable response.

Questions Remain Unanswered

Several aspects of this breach warrant scrutiny:

No threat actor attribution: No ransomware group has claimed responsibility, which could indicate Cognizant paid a ransom in exchange for silence—or that attackers simply exfiltrated data without deploying encryption.

Detection delay: How did unauthorized access persist for 11 months without triggering alerts? Portal-based attacks against healthcare systems often leave detectable patterns in access logs and query volumes.

Notification timeline: Three months elapsed between completing the breach investigation and public disclosure. While HIPAA allows up to 60 days for individual notifications, affected patients had limited ability to take protective action during this period.

Protecting Yourself

If you received a notification letter from TriZetto:

1. Enroll in the free monitoring services immediately—the offer expires
2. Place fraud alerts with credit bureaus even before monitoring activates
3. Request your Medicare Summary Notices and review for unfamiliar claims
4. Monitor health insurance EOBs (Explanation of Benefits) for services you didn't receive
5. Consider a credit freeze if you don't need new credit accounts

Medical identity fraud often goes undetected until victims receive unexpected medical bills or find inaccurate information in their health records. The data breach guide explains additional protective steps for exposed individuals.

Why This Matters

TriZetto processes insurance eligibility verification for healthcare providers nationwide. A breach at this scale affecting infrastructure that connects providers to insurers demonstrates how third-party risk propagates through healthcare ecosystems.

Organizations that trusted TriZetto with patient data now face notification obligations, regulatory scrutiny, and reputational risk—despite having no direct role in the security failure. This pattern repeats across industries where specialized service providers concentrate sensitive data, creating single points of failure with cascading consequences.