What TriZetto confirmed about the stolen data

TriZetto confirmed that hackers stole insurance eligibility transaction reports from its servers. The company disclosed this in a filing with Maine’s attorney general.

Those reports contained a mix of personal identifiers and health-related information, including:

  • Names
  • Dates of birth
  • Home addresses
  • Social Security numbers
  • Provider name
  • Demographic data
  • Health and insurance details

This combination matters because it isn’t just “contact info” or just “medical info.” It’s enough detail to link an individual to specific healthcare and insurance-related records, which raises the stakes for privacy and downstream misuse.

Timeline: breach access starting in 2024, discovered in 2025

TriZetto said it identified the breach on October 2, 2025, but later determined the attackers’ access went back to November 2024.

That gap is the detail that sticks with you: the company says the attackers were potentially in its systems for nearly a year before detection. And in a healthcare context—where eligibility checks are part of routine care workflows—any long dwell time can expand what attackers might be able to collect.

Who TriZetto is and why its role in healthcare makes this breach significant

TriZetto is a health tech company owned by Cognizant. According to TriZetto’s website, it serves around 200 million people across 875,000 healthcare providers in the U.S.

Its software is used by doctors’ offices and healthcare providers to assess patients’ insurance for medical treatments—a function that sits close to the operational heart of getting care approved, scheduled, and paid for. When systems supporting eligibility and insurance verification are involved, the exposed data can be both highly personal and highly standardized (which can make it easier to aggregate across many individuals).

Scope and impact: 3.4 million affected, but not every customer

TriZetto said more than 3.4 million people had their personal and health information stolen.

At the same time, TriZetto also stated that not every customer was affected by the breach. That suggests the theft may have been limited to certain systems, certain datasets, or certain customer environments—but the company’s confirmation still places the affected population in the millions.

Organizations confirming patient data exposure

Several organizations confirmed that their patients’ information was compromised in the cyberattack.

One named organization is OCHIN, described as a nonprofit consultancy firm providing healthcare technology to about 300 rural and community care providers across the United States. The report also notes that other healthcare providers across California have confirmed compromises as well.

This kind of confirmation pattern is common in healthcare incidents: a vendor discloses a breach at the platform level, and then individual provider organizations separately confirm whether their patient populations were included.

Detection delay and unanswered questions for Cognizant

A spokesperson for Cognizant did not immediately respond to a request for comment, including why it took the company a year to detect the breach.

That detail is important because it leaves a key question unresolved: not whether the breach happened (TriZetto confirmed it), but why the intrusion persisted long enough for the company to later trace access back to 2024.

How this incident fits into the broader pattern of health tech cyberattacks

TriZetto is described as the latest major health tech company to confirm a hack in recent years. The report points to the 2024 ransomware attack at Change Healthcare, another health tech giant that processes some 15 billion healthcare transactions, where hackers stole more than 192 million patient files.

The comparison underscores a grim theme: health tech platforms sit on massive volumes of sensitive data, and when they’re hit, the blast radius can be national in scale—touching patients, clinics, and the day-to-day mechanics of getting care.