Law Firm Investigates TriZetto Data Breach

The breach was first detected on October 2, 2025, but a subsequent investigation revealed that unauthorized access to TriZetto's systems began nearly a year earlier, in November 2024. This prolonged exposure increased the window of risk for the millions of individuals whose data was compromised. An estimated 3.4 million people were impacted by the data breach. The compromised information is extensive and includes sensitive personal and health-related data such as names, addresses, dates of birth, Social Security numbers, and health insurance member information. TriZetto Provider Solutions, a subsidiary of Cognizant, provides revenue cycle management and software services to the healthcare industry. The breach occurred within a web portal used by healthcare providers to access TriZetto's systems for insurance eligibility verification transactions. Multiple class-action lawsuits have been filed against Cognizant and TriZetto in federal courts. The lawsuits allege that the companies failed to implement adequate data security measures and did not provide timely notification to affected individuals, hindering their ability to protect themselves from potential fraud. The investigation into the breach was conducted with the assistance of the cybersecurity firm Mandiant. While TriZetto has stated that the "threat actor has been eradicated from its system," the delayed detection and the sheer volume of compromised data have raised significant concerns about the company's cybersecurity practices. In response to the breach, TriZetto began mailing notice letters to affected individuals and is offering 12 months of free credit monitoring and identity protection services through Kroll. The company has also informed law enforcement and stated it has implemented additional security protocols.