TriZetto Provider Solutions, which is owned by Cognizant and offers revenue management services to various healthcare entities including physicians, hospitals, and health systems, has begun informing certain clients in the healthcare sector about a recently discovered cybersecurity breach. On October 2, 2025, unusual activity was noticed within a specific web portal utilized by some of its healthcare provider customers for accessing TriZetto systems. Immediate steps were taken to secure the web portal and address the incident, and the cybersecurity firm Mandiant was brought in to investigate the activity, review the web portal application’s security, and ensure the incident is completely resolved. TriZetto has expressed confidence that the threat actor has been removed from its system, and no further unauthorized web portal activity has been observed since October 2, 2025.
Although the cybersecurity incident was only recently discovered, the unauthorized access had been ongoing for a significant duration. The forensic investigation determined that an unauthorized third party initially began accessing historical eligibility transaction reports within the TriZetto system in November 2024, nearly a year before the unauthorized access was discovered. The reports stored in its system included the protected health information of patients belonging to certain healthcare provider clients.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
Between October 2, 2025, and the end of November 2025, TriZetto conducted a review of the data within the compromised system to determine the categories of data involved and the affected individuals. The information compromised in this incident includes the names of patients and primary insureds, along with some or all of the following: address, date of birth, Social Security number, health insurance member number which in some cases was a Medicare beneficiary number, health insurer name, details about the primary insured or beneficiary, and other demographic health and health insurance information. TriZetto has stated that no financial information was involved.
Notifications have been sent to the affected healthcare clients, providing them with a list of the impacted individuals and a copy of the compromised data. The HIPAA Breach Notification Rule mandates that notifications be issued to affected individuals within 60 days of a HIPAA-covered entity being informed about a data breach at a business associate. Assuming the affected healthcare providers adhere to this HIPAA requirement, individual notifications for the impacted individuals are expected to be mailed within 60 days.
TriZetto has proposed to manage the breach notifications on behalf of the affected clients if they determine that breach notifications are required under HIPAA. Additionally, TriZetto has offered to notify the HHS’ Office for Civil Rights, state regulators, and media outlets on behalf of its covered entity clients, and will also cover the expense of providing complimentary credit monitoring, fraud consultation, and identity theft restoration services. The total number of affected healthcare provider clients or the overall scale of the data breach remains uncertain. Given that its system was compromised for eleven months, the data breach could potentially be substantial.
Source: Trizetto Provider Solutions Alerts Healthcare Providers About A Data Breach