Health technology giant TriZetto has officially confirmed a massive data breach involving the personal and medical information of 3.4 million individuals. The incident, which remained undetected by the company for nearly a year, occurred during a 2024 cyberattack targeting the firm’s digital infrastructure.
Scope of the Exposure
TriZetto, a subsidiary of the multinational conglomerate Cognizant, plays a critical role in the U.S. healthcare ecosystem. The company supports approximately 200 million people and 875,000 healthcare providers, offering services that allow doctors’ offices to verify patient insurance eligibility for medical treatments.
According to a filing submitted to Maine’s attorney general, hackers successfully exfiltrated insurance eligibility transaction reports directly from the company’s servers.
Data Compromised in the Attack
The stolen data set is highly sensitive, containing a mix of personal and clinical information. Impacted individuals have had the following details exposed:
- Full names and home addresses
- Dates of birth and Social Security numbers
- Provider names and demographic data
- Specific health and insurance coverage details
Timeline and Response
While TriZetto formally identified the breach on October 2, 2025, forensic investigations revealed that unauthorized actors had gained access to the systems as early as November 2024. Cognizant spokesperson William Abelson stated that the company has since “eliminated the threat” within its environment, though he declined to address why the intrusion persisted undetected for nearly 12 months.
Wider Impact on Healthcare Providers
The breach has had a cascading effect on various healthcare organizations that rely on TriZetto’s technology. OCHIN, a nonprofit consultancy firm supporting 300 rural and community care providers, confirmed its patients were among those affected. Additional healthcare providers across California have also reported that their patient data was compromised in the event. TriZetto maintains that not all of its customers were impacted by the security failure.
A Recurring Industry Vulnerability
This incident adds to a troubling trend of large-scale cybersecurity failures within the health-tech sector. In 2024, a major ransomware attack on Change Healthcare—which processes 15 billion transactions annually—resulted in the theft of over 192 million patient files. That incident caused widespread disruption across the United States, effectively cutting off patient access to essential medications and medical procedures.