TriZetto Provider Solutions, owned by Cognizant, which provides hospitals, doctors, and health systems with revenue management services, has began informing some healthcare clients regarding a recently discovered cybersecurity breach.
On October 2, 2025, TriZetto Provider Solutions detected suspicious activity in a web portal while a few of its healthcare provider clients used it to access the TriZetto platform. It immediately took action to secure the web portal and deal with the incident. Cybersecurity company Mandiant investigated the suspicious activity, checked the security of the web portal program, and made sure that the incident is under control. TriZetto is pleased to say that the attacker has been removed from its network. Since October 2, 2025, no other unauthorized activity has been detected in its web portal.
Although the cybersecurity breach was just recently discovered, the unauthorized access was happening for a long time. According to the forensic investigation, an unauthorized third party first began accessing files inside the TriZetto system since November 2024, about one year before detecting the unauthorized access. The files inside included the protected health information (PHI) of patients of some healthcare provider customers.
From October 2, 2025 to the late November 2025, Trizetto analyzed the breached data to find out the types of data and the people affected. The breached data included the names of patients and primary insureds, along with any of these data: address, birth date, Social Security number, medical insurance member number, health insurance provider name, details concerning the primary insured or beneficiary, and other demographic health and medical insurance details. The breached data did not include financial data.
In compliance with the HIPAA Breach Notification Rule, Trizetto issued notifications to the affected healthcare provider clients, and provided them with a listing of the affected individuals and their affected data. The affected healthcare provider clients should also send notifications to the affected individuals within 60 days.
TriZetto offered to handle the sending of breach notifications on behalf of the affected healthcare provider clients, if necessary. TriZetto likewise offered to take responsibility of notifying the HHS’ Office for Civil Rights, state regulators, and the press on behalf of their clients, The cost of the free credit monitoring, and identity theft restoration services will be covered by TriZetto.
The number of the healthcare provider clients impacted by the data breach is still unclear. Considering that the system breach had happened for 11 months, many healthcare providers were likely affected including the following:
- CE-Edinger Medical Group in California
- Friends of Family Health Center in California
- Gardner Health Services in California with 6,197 affected individuals
- Harmony Health Medical Clinic and Family Resource Center in California
- Mission Neighborhood Health Center in California with 3,741 affected individuals
- Native American Health Center in California
- Open Door Community Health Centers in California
- One Community Health in California with 4,309 affected individuals
- Lifelong Medical Care in California
- Lynn Community Health in Massachusetts
- San Francisco Community Health Center in California
- Share Ourselves, California with 2,864 affected individuals
The following were affected because OCHIN, their business associate, had TriZetto as a subcontractor:
- La Clinica de la Raza in California
- Planned Parenthood Northern California
- Santa Barbara County Health Department in California
- Santa Rosa Community Health Centers in California.
Image credits: Sodapeaw, Adobestock / logo©TriZetto
