Cyber Incident Victim: TriZetto Provider Solutions

On November 2024, an unauthorized actor commenced accessing certain records within the systems of TriZetto Provider Solutions, a subsidiary of Cognizant Technology Solutions that provides software and services connecting healthcare payers and providers. The compromised records were specifically tied to insurance eligibility verification transactions, which are processed by healthcare providers to determine a patient's insurance coverage for proposed treatment services. This illicit access remained ongoing until its detection. On October 2, 2025, TriZetto's security team identified suspicious activity within its client web portal, the interface used by providers to submit these verification requests. Upon this discovery, the company immediately initiated a formal investigation, enlisting the assistance of external cybersecurity experts to analyze the scope and impact of the incident. Through this forensic inquiry, TriZetto determined that the unauthorized access had begun approximately eleven months prior, in November 2024, and that the attacker had exfiltrated sensitive personal information contained within the eligibility verification records. The company publicly disclosed the cybersecurity incident on November 28, 2025, confirming the breach to its clients and the broader public, with subsequent details disseminated through press releases in March 2026.

The data breach exposed a wide array of personally identifiable and protected health information. The compromised files may include individuals' full names, physical addresses, dates of birth, and Social Security numbers, alongside specific health insurance member details and general demographic data. This information is critical for processing medical claims and verifying patient coverage, making its exposure particularly severe for affected individuals. TriZetto Provider Solutions estimated that approximately 3.4 million people may have had their personal data compromised in this incident. In response to the confirmed breach, the company commenced a standardized notification process, beginning to mail formal breach notification letters to all individuals whose information was potentially affected. These letters are intended to inform recipients of the incident, the types of data involved, and steps they can take to monitor their personal information. Concurrently, TriZetto's ongoing investigation, conducted with its cybersecurity consultants, continues to assess the full technical details of the attacker's methods, the precise systems accessed, and any additional data elements that may have been viewed or copied. The incident has also prompted legal scrutiny, with the law firm Edelson Lechtzin LLP announcing an investigation into potential class action litigation on behalf of affected individuals, seeking remedies for the exposure of their sensitive personal and health-related data.