TriZetto Provider Solutions, a healthcare technology company owned by Cognizant, has disclosed a major cybersecurity breach that exposed sensitive health information of 3,433,965 patients.
The company recently filed a data breach notification confirming that attackers gained unauthorized access to its external systems. The breach exposed personal information along with healthcare-related data of millions of individuals.
The incident is another example of the growing cybersecurity risks in the healthcare supply chain, especially when third-party technology providers handle large amounts of sensitive patient data.
The company said the initial unauthorized access happened on November 19, 2024. However, the intrusion was only discovered on November 28, 2025. This means attackers were able to remain inside the company’s systems for more than a year before the breach was detected.
According to the breach filing, cybercriminals accessed databases that contained patient names along with other personal identifiers linked to healthcare information. Such data can be valuable for identity theft and targeted scams.
The breach was reported to the Maine Attorney General’s office on February 6, 2026. The filing was submitted by legal counsel Edward Zacharias from the law firm McDermott Will & Schulte. Although the breach affects people across the United States, the filing mentions that 1,128 residents of Maine were impacted.
Given the number of affected individuals, the incident is one of the larger healthcare supply chain breaches reported in recent times.
After discovering the breach, TriZetto launched an internal investigation and began notifying affected individuals on February 6, 2026. The company is sending written notification letters to patients as part of regulatory disclosure requirements.
Because the stolen data includes personal identifiers connected with medical records, affected individuals could face risks such as medical identity theft, financial fraud, and targeted phishing attacks.
To help affected patients, the company has partnered with cybersecurity and risk management firm Kroll. The company is offering 12 months of free single-bureau credit monitoring along with identity theft protection services.
Security experts advise affected individuals to remain cautious. They recommend monitoring financial accounts, checking medical billing statements for suspicious activity, and considering a credit freeze to prevent misuse of personal information.
Related Posts
