TL;DR: TriZetto Provider Solutions (a Cognizant-owned company that handles medical billing for hospitals and doctors) confirmed hackers stole data from 3.4 million patients. The breach happened in November 2024. They didn't detect the intrusion until October 2025, nearly a year later. Notifications started in December 2025. Stolen data includes Social Security numbers, medical records, health insurance information, dates of birth, and addresses. If you've received care at a hospital or clinic that uses TriZetto for billing, your data may be exposed.
A Year of Undetected Access
Here's a timeline that should make you question whether anyone is actually watching healthcare systems:
- November 2024: Hackers first access TriZetto systems [1]
- October 2, 2025: TriZetto detects "suspicious activity" in a web portal, 10 months later [2]
- December 9, 2025: Company begins notifying affected healthcare providers [3]
- March 6, 2026: TriZetto publicly confirms 3.4 million patients affected [1]
Ten months. Hackers had access to patient records for ten months before anyone noticed something was wrong. Whatever TriZetto was paying for security monitoring, they got ripped off.
What They Took
This isn't a breach where hackers grabbed some email addresses and moved on. They got the full package:
- Social Security numbers
- Medical records and treatment information
- Health insurance numbers and Medicare beneficiary numbers
- Names, addresses, and dates of birth
- Provider names and health insurer information
Social Security numbers don't expire. Medical records are permanent. This is data that can be used for identity theft, medical fraud, and insurance scams for decades.
Who Is TriZetto?
TriZetto Provider Solutions is a Missouri-based company owned by Cognizant, the $18 billion IT services giant. They describe themselves as a "revenue management" and "claims clearinghouse" company [2].
Translation: When your doctor sends a bill to your insurance company, there's a good chance TriZetto is handling the data in between. They're the middleware that connects healthcare providers to insurers. That means they see everything: your diagnoses, your treatments, your Social Security number, your insurance details.
You didn't sign up for TriZetto. Your doctor or hospital chose them. You probably never knew they existed until now.
The OCHIN Connection
One of the largest healthcare networks affected is OCHIN, a nonprofit that serves community health centers across the country. OCHIN confirmed that the TriZetto breach affected roughly 9% of their patient network [3].
According to OCHIN's website, they have more than 7.9 million patients in their Epic system. That means approximately 711,000 OCHIN patients were exposed through this single healthcare network alone [3].
If you've received care at a community health center or federally qualified health center, you may be in this group. These clinics serve some of the most vulnerable populations: people who already face barriers to healthcare and financial stability.
The Detection Problem
The breach started in November 2024. TriZetto "identified suspicious activity" in a web portal on October 2, 2025 [2].
That's 10 months of hackers inside the system, accessing patient records, and TriZetto's security tools caught nothing. Either they weren't monitoring, their monitoring was inadequate, or they saw something and didn't investigate.
None of those options are reassuring.
When TechCrunch reached out to TriZetto, the company declined to answer specific questions about what the hackers accessed or how long they maintained access [1]. The standard playbook: confirm the minimum, dodge the details.
The Healthcare Breach Epidemic
TriZetto is the latest in a brutal string of healthcare data breaches:
- Conduent: 26 million Americans exposed through Medicaid and government health programs
- Aflac: 22 million customers compromised by Scattered Spider hackers
- Community Health Center: 1 million patients affected
- AltaMed: Patient Social Security numbers and medical records stolen
Healthcare is now the most-targeted sector for ransomware and data theft. And it's not just hospitals. It's the entire supply chain. The billing companies, the claims processors, the IT vendors. Each one holds patient data, and each one is a potential breach point.
No Evidence of Misuse (Yet)
TriZetto says there's "no evidence at this time that people's info has been misused" [3].
That's healthcare breach boilerplate. It means they haven't confirmed misuse, not that misuse isn't happening. Medical identity theft can take months or years to surface. Victims often don't discover it until they get a bill for a surgery they never had or find their insurance maxed out on treatments they never received.
The company is offering affected individuals identity monitoring and credit protection services. If you get a notification letter, take them up on it. They owe you that much.
What You Should Do
If you've received care at any hospital, clinic, or doctor's office that uses TriZetto for billing (and you may not know if they do), take these steps:
- Freeze your credit. Call Equifax (800-349-9960), Experian (888-397-3742), and TransUnion (888-909-8872). A freeze is free and prevents anyone from opening accounts in your name.
- Request your medical records. Get copies from your healthcare providers and check for services you didn't receive. Medical identity theft creates false records that can affect your actual care.
- Get an IRS Identity Protection PIN. If your SSN was exposed, request an IP PIN to prevent tax fraud.
- Monitor your Explanation of Benefits. Insurance companies send EOBs for every claim. Read them. If you see a provider you didn't visit or a service you didn't receive, report it immediately.
- File a complaint with HHS. The HHS Office for Civil Rights investigates HIPAA violations. A company that takes 10 months to detect a breach deserves scrutiny.
The Real Question
How is it possible that a company handling 3.4 million patients' most sensitive data took 10 months to notice hackers in their systems?
Healthcare companies are supposed to comply with HIPAA, the Health Insurance Portability and Accountability Act. HIPAA requires reasonable security measures and prompt breach notification. TriZetto detected unauthorized access in October 2025 for a breach that started in November 2024.
Either their security was inadequate, or they knew and didn't say. Neither answer is acceptable when you're holding Social Security numbers and medical records for millions of people.
Cognizant is an $18 billion company. They have the resources for real security. The question is whether they chose to spend them.
Sources
- TechCrunch: TriZetto confirms 3.4M people's health and personal data was stolen during breach (March 6, 2026)
- GovInfoSecurity: Trizetto Notifying 3.4M of 2024 Hack Detected in 2025 (March 2026)
- The Record: Health insurance tech provider TriZetto says more than 3 million impacted by 2024 breach (March 2026)
- SC Media: Toll of TriZetto breach surpasses 3M (March 2026)
Published: March 7, 2026