TriZetto, a prominent player in the health technology sector, has revealed that a data breach has compromised the personal and health information of over 3.4 million individuals. This incident, which occurred in 2024, went undetected for nearly a year.
Owned by the multinational conglomerate Cognizant, TriZetto provides services to approximately 200 million people across 875,000 healthcare providers in the United States. The company's technology is utilized by medical practices to verify patient insurance eligibility for treatments.
In a recent disclosure to Maine's attorney general, TriZetto confirmed that hackers accessed patient insurance eligibility transaction reports stored on its servers. The stolen data encompasses sensitive details, including names, birth dates, home addresses, Social Security numbers, and healthcare-related information such as provider names and insurance specifics.
TriZetto identified the breach on October 2, 2025, but further investigation revealed that unauthorized access had begun as early as November 2024. A representative from Cognizant has not yet commented on the delayed detection of this breach.
Several healthcare organizations have acknowledged that their patients' data was part of the compromised information. Notably, OCHIN, a nonprofit that supports around 300 rural and community healthcare providers, is among those affected.
While TriZetto has stated that not all customers were impacted, this incident highlights the ongoing challenges within the health tech industry regarding cybersecurity. TriZetto joins a list of major health technology firms that have experienced breaches in recent years, including a significant ransomware attack on Change Healthcare in 2024, which resulted in the theft of over 192 million patient files.
As the health tech landscape continues to evolve, the importance of robust cybersecurity measures becomes ever more critical to protect sensitive patient information.
