TriZetto Supplier Options, a healthcare IT firm that develops software program and providers utilized by well being insurers and healthcare suppliers, has suffered an information breach that uncovered the delicate data of over 3.4 million individuals.
The agency, which has been working beneath the Cognizant umbrella since 2014, disclosed that it detected suspicious exercise on an internet portal on October 2, 2025, and launched an investigation with the assistance of exterior cybersecurity specialists.
The investigation revealed that unauthorized entry started almost a yr earlier than, on November 19, 2024.
Through the publicity interval, the risk actors accessed data regarding insurance coverage eligibility verification transactions, that are a part of the method suppliers use to verify a affected person’s insurance coverage protection earlier than therapy.
The varieties of knowledge which were uncovered range per particular person, and will embody a number of of the next:
- Full names
- Bodily tackle
- Date of beginning
- Social Safety quantity
- Medical health insurance member quantity
- Medicare beneficiary identifier
- Supplier title
- Well being insurer title
- Demographic, well being, and insurance coverage data
Affected suppliers have been alerted on December 9, 2025, however buyer notification began in early February 2026. In line with a submitting Maine’s Lawyer Common submitted as we speak, the variety of uncovered people is 3,433,965.
TriZetto says that cost card, checking account, or different monetary data was not uncovered on this incident.
Additionally, the corporate just isn’t conscious of any instances the place cybercriminals have tried to misuse this data.
TriZetto says it has taken steps to strengthen cybersecurity on its techniques and knowledgeable regulation enforcement authorities of the incident.
Notification recipients are supplied free 12-month protection of credit score monitoring and identification safety providers from Kroll to assist mitigate dangers arising from compromised knowledge.
BleepingComputer has contacted TriZetto to be taught extra in regards to the nature of the safety breach and why the agency delayed notifications to customers for a number of months, however we’ve not acquired a response by publication time.
No ransomware teams have taken accountability for the assault but, and no knowledge leaks linked to TriZetto have appeared on underground boards.
Cognizant itself was rumored to have suffered a Maze ransomware breach in 2020. In June 2025, Clorox sued the IT agency for gross negligence after it allegedly let Scattered Spider operatives into its community following a social engineering assault in September 2023.
Malware is getting smarter. The Pink Report 2026 reveals how new threats use math to detect sandboxes and conceal in plain sight.
Obtain our evaluation of 1.1 million malicious samples to uncover the highest 10 methods and see in case your safety stack is blinded.
