A significant data breach at TriZetto Provider Solutions, a healthcare IT firm owned by Cognizant, has compromised the sensitive information of over 3.4 million individuals. The company, which provides software and services to health insurers and providers, detected suspicious activity on a web portal on October 2, 2025. An investigation, aided by external cybersecurity experts, later determined that unauthorized access to the system had actually begun nearly a year earlier, on November 19, 2024.
The breach exposed data related to insurance eligibility verification transactions. This process is critical for healthcare providers to confirm a patient's insurance coverage before administering treatment. The types of exposed information varied per individual but could include a combination of personal and health-related data. Notably, TriZetto has stated that payment card, bank account, or other financial information was not compromised in this incident.
Affected healthcare providers were notified by TriZetto on December 9, 2025. However, the direct notification of impacted individuals did not commence until early February 2026. According to a filing submitted by Maine's Attorney General, the total number of exposed individuals is 3,433,965. The company has stated it is not currently aware of any actual misuse of the stolen data.
This incident highlights the persistent vulnerabilities within healthcare IT ecosystems, where vast repositories of sensitive personal and medical information are prime targets for cybercriminals. The nearly year-long period of undetected access underscores the challenges organizations face in monitoring and securing complex systems against sophisticated threats.
