Law Firm Probes TriZetto Data Breach

TriZetto Provider Solutions, a subsidiary of IT services giant Cognizant, experienced a data breach that exposed the personal and health information of over 3.4 million individuals. The breach, which began in November 2024, went undetected for nearly a year until suspicious activity was identified on October 2, 2025. The compromised data included a wide range of sensitive information such as names, addresses, dates of birth, Social Security numbers, and health insurance member numbers. The breach specifically impacted records related to insurance eligibility verification transactions. Financial information like bank account or payment card details were not exposed. The incident originated within a web portal used by some of TriZetto's healthcare provider clients to access its systems. Unauthorized actors gained access to historical eligibility transaction reports stored on TriZetto's systems. TriZetto, which was acquired by Cognizant in 2014 for $2.7 billion, provides revenue cycle management and other IT services to the healthcare industry. The company has stated that it took immediate action to secure its systems upon discovering the breach and engaged cybersecurity firm Mandiant to investigate. Affected healthcare providers were initially notified of the breach on December 9, 2025, with notifications to the individuals whose data was compromised following in early February 2026. In response to the breach, nearly two dozen federal class-action lawsuits have been filed against TriZetto and Cognizant, alleging negligence in protecting sensitive data. The breach has impacted patients of numerous healthcare organizations that use TriZetto's services, including community health clinics and behavioral health providers. For instance, OCHIN, a company that manages electronic health records for a network of providers, estimated that about 9% of its members' patient population was affected.