Compromise Affects Healthcare Clients of TriZetto’s Revenue Cycle Management Services
In a significant incident revealing vulnerabilities within the healthcare sector, TriZetto Provider Solutions is notifying over 3.4 million individuals about a serious hacking event that began nearly a year prior. Investigations have traced the onset of unauthorized access to sensitive insurance-related data back to November 2024, with the breach only being detected in October 2025. This revelation shines a light on concerning security lapses in the management of healthcare data and the subsequent repercussions for clients and patients alike.
TriZetto, which operates as a revenue cycle management software unit and claims clearinghouse under Cognizant, initially acknowledged the hacking incident in December. The company has confirmed that dozens of its healthcare clients were impacted, although they have not publicly specified how many. The U.S. Department of Health and Human Services noted the breach through its HIPAA Breach Reporting Tool, listing an alarming count of affected individuals exceeding 3.43 million.
A number of TriZetto’s clients have come forward to announce that they, too, have experienced ramifications from the breach. Cascadia Health, a provider based in Portland, Oregon, revealed in a notice that approximately 1,800 of its patients’ data may have been compromised due to the incident. This situation highlights the intricate relationships between healthcare providers and third-party service vendors, underscoring the critical nature of data security in collaborative healthcare efforts. Cascadia clarified that the breach did not originate within its own systems but rather through TriZetto, which provides billing services related to OCHIN Epic, the electronic health record system managed by Cascadia.
In addition to Cascadia, several community health clinics such as Gardner Health Services in San Jose, California, and the San Francisco Community Health Center have also disclosed that they were affected by the TriZetto incident. OCHIN has estimated that around 9% of its patient network was impacted by the breach, though it has refrained from revealing precise figures concerning individual client impact.
TriZetto communicated with affected individuals through notification letters, elaborating on the timeline of the breach. In these letters, the company indicated that on October 2, 2025, they identified suspicious activity within a web portal utilized by some healthcare clients. Upon further investigation, it came to light that hackers had been surreptitiously accessing vital records pertaining to insurance eligibility verification transactions since November 2024.
The breadth of compromised information varies for different individuals but may include sensitive data such as names, addresses, birthdates, Social Security numbers, health insurance member numbers, and details about healthcare providers and insurers. Notably, the breach reportedly did not encompass payment card, bank account, or any other financial information.
Following the incident, TriZetto has taken measures to amplify its data security, which includes notifying law enforcement and implementing additional security protocols to curb the possibility of future breaches.
Experts emphasize that various factors contribute to delays in identifying hacking attempts within organizations. Disturbingly, some of these risk drivers include the use of reported stolen credentials, an over-reliance on data loss prevention systems instead of robust behavior monitoring strategies, and alert fatigue within cybersecurity teams. Steven Adler, a partner at The Edmund Group and former risk management executive at health insurer Humana, articulated that a "low and slow strategy" often leads hackers to escape detection, allowing them to siphon off sensitive data without raising alarms.
The complexity of investigating such breaches is not to be underestimated. It necessitates analyzing a vast array of distributed data assets, assessing potential harm in both federal and state contexts, and fulfilling regulatory obligations regarding notifications. Furthermore, it involves identifying affected customers while developing appropriate communications, both internally and externally.
As of early March, TriZetto and its co-defendant Cognizant are facing nearly two dozen proposed federal class action lawsuits stemming from the data breach. The lawsuits assert claims of negligence against TriZetto, alleging it failed to adequately protect sensitive personal information, thereby exposing individuals to risks of identity theft and other fraudulent activities. The plaintiffs are seeking both financial damages and injunctive relief, aiming to ensure that TriZetto enhances its data security measures to prevent future occurrences.
This incident underscores a pressing issue within the healthcare industry: the dire need for heightened vigilance and improved cybersecurity strategies, particularly where sensitive patient information is involved. As reliance on digital systems continues to grow, ensuring robust protection against breaches becomes increasingly vital for healthcare organizations and their clients.