Cyberattack at TriZetto Provider Solutions Affects its Healthcare Provider Clients

by

TriZetto Provider Solutions, a firm owned by Cognizant, which offers revenue management services to doctors, hospitals, and health networks, began notifying some healthcare clients regarding a recently uncovered cybersecurity incident.

On October 2, 2025, TriZetto identified suspicious activity within a web portal utilized by a number of its healthcare organization customers to access TriZetto systems. It took immediate action to secure the website and deal with the incident, and the cybersecurity company Mandiant investigated the activity, reviewed the security of the website platform, and ensured that the incident was completely remediated. TriZetto stated that the threat actor has been removed from its system. No other unauthorized web portal activity has been noticed since October 2, 2025.

Although the cybersecurity incident was detected not too long ago, the unauthorized access has been taking place for a long period of time. The forensic investigation reported that in November 2024, an unauthorized third party started accessing eligibility transaction records in the TriZetto system, that is about a year before discovering the unauthorized access. The reports within its storage area contained the protected health information (PHI) of patients of certain healthcare provider clients.

From October 2, 2025 to November 2025, Trizetto analyzed the data contained in the compromised system to find out the types of information involved and the people affected. Information breached in the attack includes the names of patients and primary insureds, along with some or all of the following data: address, birth date, health insurance member number (in some instances, Medicare beneficiary number), health insurance provider name, data concerning the primary insured or beneficiary, other demographic health and health insurance information, and Social Security number. TriZetto stated that no financial data was involved.

Breach notifications have been mailed to the impacted healthcare customers, who were given a listing of the affected individuals and a copy of the breached data. The HIPAA Breach Notification Rule calls for sending notification letters to the affected persons within 60 days of a HIPAA-covered entity being informed of a data breach at a business associate. Supposing the affected healthcare organizations adhere to that HIPAA requirement, it should have sent individual notifications for the affected people within 60 days.

TriZetto offered to manage the breach notifications on behalf of the impacted clients, should they say that breach notifications are needed under HIPAA. TriZetto has additionally offered to inform the HHS’ Office for Civil Rights, media outlets, and state regulators, on behalf of its covered entity customers, and will also pay the cost of complimentary fraud consultation, identity theft restoration, and credit monitoring services.

How many healthcare company clients were affected, or the magnitude of the data breach, is presently not certain. Given the fact that its system was compromised for 11 months, it can be a big data breach. Wait for more information to be available.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone