A breach at Cognizant’s TriZetto Provider Solutions exposed sensitive health data belonging to more than 3.4 million patients. A data breach at Cognizant’s TriZetto Provider Solutions exposed sensitive information belonging to more than 3.4 million patients. At this time, no ransomware group has claimed responsibility for the attack yet. TriZetto Provider Solutions is a healthcare […] A breach at Cognizant’s TriZetto Provider Solutions exposed sensitive health data belonging to more than 3.4 million patients. A data breach at Cognizant’s TriZetto Provider Solutions exposed sensitive information belonging to more than 3.4 million patients. At this time, no ransomware group has claimed responsibility for the attack yet. TriZetto Provider Solutions is a healthcare technology provider that develops software and services for medical practices, hospitals, and insurers. It offers tools for billing, revenue cycle management, claims processing, and administrative workflows used across the healthcare ecosystem. On October 2, 2025, the company detected suspicious activity in a web portal used by healthcare providers. An investigation revealed that, starting in November 2024, an unauthorized actor accessed records linked to insurance eligibility verification transactions. The firm engaged cybersecurity experts, notified law enforcement, and began informing affected providers in December 2025. Around November 28, 2025, TriZetto determined the breach may have exposed personal and health data, including names, addresses, birth dates, Social Security numbers, insurance details, and provider information. Financial data was not affected, and no identity theft or fraud linked to the incident has been reported so far. “On or around November 28, 2025, TPS learned that the affected data may have included your name, address, date of birth, Social Security number, health insurance member number (which, for some individuals, may be a Medicare beneficiary identifier), provider name, health insurer name, primary insured information, and other demographic, health, and health insurance information.” reads the data breach notification letter shared with the Maine Attorney General Office. “The incident did not affect any payment card, bank account, or other financial information. At this time, we are not aware of any identity theft or fraud related to the use of any affected individual’s information, including yours.” After discovering the incident, the company implemented additional safeguards to better protect its systems and services. TriZetto is offering a 12-month free identity protection services, including credit monitoring, credit reports, and credit score alerts for a limited period. The company also provides proactive fraud assistance through Kroll, a firm specializing in identity protection and fraud remediation. Although no identity theft or fraud has been linked to the breach so far, individuals are encouraged to remain vigilant. This includes reviewing financial statements, monitoring credit reports, and reporting suspicious activity to banks or financial institutions. A dedicated support line has also been set up to provide additional information and assistance. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs hacking, data breach)
Published: 2026-03-09T10:57:43