TriZetto Supplier Options, a healthcare IT firm that develops software program and companies utilized by well being insurers and healthcare suppliers, has suffered a data breach that uncovered the delicate info of over 3.4 million folks.
The agency, which has been working underneath the Cognizant umbrella since 2014, disclosed that it detected suspicious exercise on an internet portal on October 2, 2025, and launched an investigation with the assistance of exterior cybersecurity specialists.
The investigation revealed that unauthorized entry started practically a 12 months earlier than, on November 19, 2024.
In the course of the publicity interval, the menace actors accessed data regarding insurance coverage eligibility verification transactions, that are a part of the method suppliers use to substantiate a affected person’s insurance coverage protection earlier than therapy.
The varieties of knowledge which were uncovered fluctuate per particular person, and will embody a number of of the next:
- Full names
- Bodily deal with
- Date of start
- Social Safety quantity
- Medical health insurance member quantity
- Medicare beneficiary identifier
- Supplier title
- Well being insurer title
- Demographic, well being, and insurance coverage info
Affected suppliers had been alerted on December 9, 2025, however buyer notification began in early February 2026. In keeping with a submitting Maine’s Lawyer Common submitted at the moment, the variety of uncovered people is 3,433,965.
TriZetto says that cost card, checking account, or different monetary info was not uncovered on this incident.
Additionally, the corporate will not be conscious of any instances the place cybercriminals have tried to misuse this info.
TriZetto says it has taken steps to strengthen cybersecurity on its methods and knowledgeable legislation enforcement authorities of the incident.
Notification recipients are provided free 12-month protection of credit score monitoring and id safety companies from Kroll to assist mitigate dangers arising from compromised knowledge.
BleepingComputer has contacted TriZetto to study extra concerning the nature of the security breach and why the agency delayed notifications to shoppers for a number of months, however now we have not obtained a response by publication time.
No ransomware teams have taken duty for the assault but, and no knowledge leaks linked to TriZetto have appeared on underground boards.
Cognizant itself was rumored to have suffered a Maze ransomware breach in 2020. In June 2025, Clorox sued the IT agency for gross negligence after it allegedly let Scattered Spider operatives into its community following a social engineering assault in September 2023.
Malware is getting smarter. The Pink Report 2026 reveals how new threats use math to detect sandboxes and conceal in plain sight.
Obtain our evaluation of 1.1 million malicious samples to uncover the highest 10 strategies and see in case your security stack is blinded.
