TriZetto Hack Exposes Data of 3.4 Million U.S. Patients
Health technology company TriZetto, a Cognizant subsidiary that processes insurance-eligibility checks for doctors and hospitals, has confirmed that hackers stole personal and medical information on more than 3.4 million people in a breach of its systems. The firm says attackers accessed insurance eligibility transaction reports that can include names, dates of birth, home addresses, Social Security numbers, insurance details, provider names and demographic data linked to medical records. TriZetto detected the breach on Oct. 2, 2025, but later found the intrusion may have begun as early as November 2024, meaning hackers may have been inside its network for nearly a year before discovery. The company’s systems help support healthcare operations tied to about 200 million people through more than 875,000 providers nationwide, and organizations such as nonprofit tech group OCHIN and unnamed California providers have already acknowledged that their patients’ data were swept up in the attack. The incident underscores the growing risk posed by attacks on little-known but deeply embedded health-IT middlemen, and it is fueling fresh questions from cybersecurity experts about how long adversaries can lurk in critical healthcare systems before anyone notices.
📌 Key Facts
- TriZetto, an insurance verification technology company owned by Cognizant, confirmed a data breach affecting more than 3.4 million people.
- Stolen data came from insurance eligibility transaction reports and may include names, dates of birth, addresses, Social Security numbers, insurance information, provider names and health-related demographics.
- The breach was discovered on October 2, 2025, but investigators believe hackers may have had access since November 2024.
- TriZetto’s systems support operations tied to about 200 million people via more than 875,000 healthcare providers across the United States.
- Nonprofit OCHIN and some California healthcare providers have notified patients that their data were exposed through the TriZetto incident.
📊 Relevant Data
The number of individuals affected by large healthcare data breaches in the US increased by 193.5% from 2022 to 2023, and by 58% from 2023 to 2024, despite a slight decline in the number of breaches.
Healthcare Data Breach Statistics — The HIPAA Journal
Rural hospitals in the US are more vulnerable to ransomware attacks than urban hospitals, often due to smaller size, limited resources, and lack of affiliation with large health systems.
Rural hospitals may be more vulnerable to ransomware attacks — University of Minnesota School of Public Health
In healthcare data breaches, detection delays often exceed several months, with human factors such as carelessness, negligence, and phishing contributing to prolonged intruder dwell times.
Human Factors in Electronic Health Records Cybersecurity Breach — PMC - NIH
73% of small and rural hospitals in the US lack adequate cybersecurity infrastructure to defend against cyber threats, compared to higher readiness in larger urban facilities.
Rural Healthcare Cybersecurity Readiness Declines Alarmingly — GovHealth
📰 Source Timeline (1)
Follow how coverage of this story developed over time