TriZetto confirms 3.4M people’s health and personal data was stolen during breach
Source: TechCrunch
Breach overview
Health tech giant TriZetto has confirmed that more than 3.4 million people’s personal and health information was stolen in a 2024 cyberattack, which the company failed to detect for almost a year.
The tech company, owned by multinational conglomerate Cognizant, serves around 200 million people across 875 000 healthcare providers throughout the U.S., according to its website. Doctors’ offices and healthcare providers use TriZetto to assess patients’ insurance for medical treatments.
TriZetto said in a filing with Maine’s attorney general that hackers stole patients’ insurance‑eligibility transaction reports from the company’s servers.
Data stolen
The data includes personal information such as:
- Patients’ names
- Dates of birth
- Home addresses
- Social Security numbers
and healthcare‑related information, including:
- Provider’s name
- Demographic data
- Health and insurance details
Timeline
- October 2 2025 – TriZetto identified the breach.
- November 2024 – Later investigation revealed that hackers had accessed the systems as far back as this date.
Cognizant spokesperson William Abelson said the company “eliminated the threat” to its environment, but did not explain why detection took nearly a year.
Affected organizations
Several organizations have confirmed that their patients’ information was compromised in the cyberattack, including:
- OCHIN – a nonprofit consultancy that provides healthcare technology to roughly 300 rural and community‑care providers across the United States.
- Additional healthcare providers across California have also confirmed exposure.
TriZetto noted that not every customer was affected by the breach.
Related incidents
TriZetto is the latest major health‑tech company to confirm a hack in recent years. In 2024, a ransomware attack at Change Healthcare—which processes about 15 billion healthcare transactions—allowed hackers to obtain more than 192 million patient files. The breach caused widespread outages across the U.S., leaving many without access to medical treatments or medications.
Updated with comment from Cognizant.