Healthcare IT Firm Data Breach Exposes Information of 3.4 Million People

A security incident at a healthcare technology provider exposed insurance and personal records belonging to millions of individuals.

TriZetto Provider Solutions, a healthcare IT company owned by Cognizant, confirmed a data breach that exposed sensitive data from more than 3.4 million people.

The company develops software used by health insurers and healthcare providers to manage patient coverage and insurance verification.

Unauthorized Access Lasted Nearly a Year

TriZetto detected suspicious activity on October 2, 2025. The company started an investigation with external cybersecurity experts.

The investigation revealed that attackers had gained access much earlier. Unauthorized access began on November 19, 2024.

During this period, attackers accessed records connected to insurance eligibility verification transactions. Healthcare providers use this process to confirm a patient’s insurance coverage before treatment.

Types of Data That May Have Been Exposed

The exposed information varies by individual. In some cases, attackers may have accessed the following data:

Full names
Home addresses
Dates of birth
Social Security numbers
Health insurance member numbers
Medicare beneficiary identifiers
Provider names
Health insurer names
Health and demographic information

The company confirmed that payment card and bank account data were not exposed.

More Than 3.4 Million People Impacted

A report submitted to the Maine Attorney General confirmed that 3,433,965 individuals were affected.

TriZetto notified healthcare providers on December 9, 2025. The company began notifying affected individuals in February 2026.

TriZetto also reported the incident to law enforcement and strengthened security controls across its systems.

Identity Protection Services Offered

TriZetto offers 12 months of identity monitoring and credit protection to affected individuals. The services are provided through Kroll.

The company says it has not found evidence that attackers misused the exposed data.

Investigation Continues

No ransomware group has claimed responsibility for the breach so far. Investigators have also not found the data on underground forums.

Security researchers continue to investigate how attackers gained access to the system.

Healthcare Data Remains a Valuable Target

Cybercriminals often target healthcare organizations because they store large volumes of sensitive data.

Medical records contain identity information, insurance details, and personal data. Attackers can use this information for identity theft or fraud.

For this reason, healthcare systems and technology providers remain frequent targets for cyber attacks.

Over 20,000 Instagram Accounts Hijacked Through Meta AI Support Flaw

Nottingham University Data Breach Exposes Records of More Than 450,000 Students

DragonForce Ransomware Hides C2 Traffic Inside Microsoft Teams Infrastructure

North Korean Hackers Weaponize Developer Tools to Turn Code Workflows Into Malware Delivery Channels

Anthropic Unveils Claude Fable 5 with Built-In Cyber Safeguards as AI Security Enters a New Era

ATHR AI Vishing Platform Automates Voice Phishing at Scale

How Modern Businesses Can Measure Cyber Risk in Financial and Operational Terms Instead of Technical Guesswork

What Is Wiper Malware in Cybersecurity? Understanding One of the Most Destructive Types of Cyber Attacks

Why Delaying Software Updates Can Put Your Entire Digital Security at Risk

How Attackers Abuse Legitimate Windows Tools: Understanding LOLBins and Living-Off-the-Land Attacks

Brave Launches Paid ‘Origin’ Browser for Users Seeking a Cleaner, Privacy-First Experience

Apple Blocks $11 Billion in App Store Fraud as Mobile Threats Continue to Rise

Healthcare IT Firm Data Breach Exposes Information of 3.4 Million People