Cyber: Cognizant Trizetto Breach Exposes Health Data Of 3.4 Million Patients

TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive information of over 3.4 million people. The firm, which has been operating under the Cognizant umbrella since 2014, disclosed that it detected suspicious activity on a web portal on October 2, 2025, and launched an investigation with the help of external cybersecurity experts. The investigation revealed that unauthorized access began nearly a year before, on November 19, 2024. During the exposure period, the threat actors accessed records relating to insurance eligibility verification transactions, which are part of the process providers use to confirm a patient’s insurance coverage before treatment. The types of data that have been exposed vary per individual, and may include one or more of the following: Affected providers were alerted on December 9, 2025, but customer notification started in early February 2026. According to a filing Maine’s Attorney General submitted today, the number of exposed individuals is 3,433,965. TriZetto says that payment card, bank account, or other financial information was not exposed in this incident. Also, the company is not aware of any cases where cybercriminals have attempted to misuse this information. TriZetto says it has taken steps to strengthen cybersecurity on its systems and informed law enforcement authorities of the incident. Notification recipients are offered free 12-month coverage of credit monitoring and identity protection services from Kroll to help mitigate risks arising from compromised data.