TriZetto Provider Solutions, a healthcare technology subsidiary of Cognizant, has confirmed a major cybersecurity incident that exposed the sensitive health information of 3,433,965 patients.
According to a recently filed data breach notification, malicious actors successfully infiltrated and compromised TriZetto’s external systems, highlighting the growing risks facing the healthcare supply chain and third‑party service providers.
Breach Timeline and Scope
The unauthorized access began on November 19, 2024, but TriZetto did not detect the intrusion until November 28, 2025 meaning attackers operated undetected within the company’s external network for over a year. The incident has been classified as an external system hacking event.
During this time, the attackers exfiltrated extensive patient data, including full names, personal identifiers, and sensitive medical information. The long dwell time raises significant concerns about threat detection, monitoring, and incident response practices within the healthcare technology sector.
TriZetto formally notified the Maine Attorney General’s office on February 6, 2026, through legal counsel Edward Zacharias of McDermott Will & Schulte. Of the millions affected nationwide, 1,128 Maine residents were among the victims. This event ranks among the largest and most impactful healthcare supply chain breaches in recent years.
Response and Support for Victims
Once the breach was finally discovered, TriZetto launched an internal investigation and began issuing notifications to affected individuals on February 6, 2026, in accordance with regulatory disclosure requirements.
Given that the stolen data includes highly sensitive personal and medical information, victims now face an increased likelihood of:
- targeted spear‑phishing attacks
- medical identity theft
- financial fraud
TriZetto is sending written notices to all impacted individuals and has partnered with Kroll to provide 12 months of free credit monitoring and identity theft protection.
Cybersecurity experts strongly recommend that affected patients:
- freeze their credit with all major bureaus
- monitor medical bills and insurance statements for unauthorized activity
- remain alert for suspicious emails or calls that could leverage stolen data
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
