Cyber Incident Victim: TriZetto
Date:
Nov 2024
Location:
United States of America
Summary
TriZetto, a health technology company owned by Cognizant, suffered a cyberattack that resulted in the theft of personal and health information belonging to more than 3.4 million individuals. Hackers accessed the company's servers and exfiltrated insurance eligibility transaction reports containing sensitive data such as names, dates of birth, home addresses, Social Security numbers, provider details, demographic information, and health and insurance specifics. The breach remained undetected for an extended period, with the company only discovering the intrusion months after the attackers had gained access. Not all of its customers were impacted, but several healthcare providers, including OCHIN and various organizations in California, confirmed that their patients' data was compromised.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In March 2026, health technology giant TriZetto publicly confirmed a significant data breach impacting over 3.4 million individuals, disclosing that personal and health information was stolen during a cyberattack that occurred in 2024. The company, a subsidiary of multinational conglomerate Cognizant, provides critical insurance eligibility and assessment services to approximately 200 million people across 875,000 healthcare providers in the United States. According to a filing submitted to Maine’s attorney general, the attackers exfiltrated patients’ insurance eligibility transaction reports from TriZetto’s servers. The compromised data encompasses a wide range of sensitive personal information, including names, dates of birth, home addresses, and Social Security numbers, alongside specific healthcare-related details such as the patient’s provider name, demographic data, and health and insurance information. TriZetto stated that it identified the security incident on October 2, 2025, but its subsequent investigation revealed that the unauthorized actors had maintained access to its systems since at least November 2024, representing a dwell time of nearly eleven months before detection.
The breach’s scope extends to TriZetto’s customer base, though the company emphasized that not every one of its clients was affected. Several healthcare organizations have since confirmed that their patients’ information was compromised through this incident. Notably, OCHIN, a nonprofit consultancy that delivers healthcare technology solutions to around 300 rural and community care providers across the U.S., acknowledged its involvement. Additional healthcare providers in California have also reported impacts. Following the discovery of the breach on October 2, 2025, TriZetto, with support from its parent company Cognizant, took action to "eliminate the threat" to its environment, as stated by Cognizant spokesperson William Abelson. However, Abelson did not provide an explanation for the substantial delay between the initial attacker access in November 2024 and the company’s detection in October 2025. This incident positions TriZetto as the latest major health technology firm to confirm a large-scale hack, following a particularly disruptive ransomware attack on Change Healthcare in 2024 that resulted in the theft of over 192 million patient files and caused widespread outages affecting medical treatment and medication access across the country.