A massive data breach at Cognizant’s TriZetto Provider Solutions has resulted in the exposure of sensitive medical and personal records for over 3.4 million individuals. Although the source of the intrusion remains unknown and no ransomware groups have claimed credit, the company has begun notifying the public of the security failure.
TriZetto Provider Solutions operates as a major healthcare technology hub, managing critical infrastructure like billing, claims processing, and revenue cycles for hospitals and insurers. The breach was first identified in early October 2025 when IT staff noticed suspicious activity within a portal used by healthcare providers. A subsequent forensic investigation uncovered that an unauthorized party had been accessing insurance eligibility records for nearly a year, starting as far back as November 2024.
The information compromised in the attack includes a wide range of sensitive identifiers such as names, birth dates, and Social Security numbers, alongside specific insurance and provider details. While the company confirmed that bank accounts and credit card numbers were not part of the stolen data set, the sheer volume of demographic and health-related information puts millions at risk. According to formal notifications, there is currently no evidence that the stolen data has been used for identity theft or fraudulent transactions.
In response to the discovery, TriZetto engaged external cybersecurity specialists and law enforcement to secure their network and prevent further leaks. The company has since implemented more rigorous safeguards within its web portals and administrative systems to close the vulnerabilities that allowed the long-term access. Affected patients began receiving official notifications regarding the status of their data toward the end of 2025 as the full scope of the exposure became clear.
To mitigate the potential impact on those affected, the firm is providing a year of complimentary identity protection services, which includes credit monitoring and fraud alerts through a third-party security firm. They have also established a dedicated helpline to answer questions from concerned patients and assist them in navigating the recovery process. These measures are intended to provide a safety net for individuals whose private medical history and government identifiers were left vulnerable.
Despite the lack of reported fraud so far, security experts and the company itself are urging the 3.4 million impacted individuals to remain highly vigilant. This includes frequently checking financial statements for unauthorized charges and monitoring credit reports for any new accounts opened in their names. The incident serves as a stark reminder of the persistent threats facing the healthcare sector and the long-term risks associated with the exposure of permanent personal data.
Source: TriZetto Provider Solutions Breach Exposes Data Of Over 3.4M Patients