Health insurance tech provider TriZetto says more than 3 million impacted by 2024 breach

Summary

TriZetto Provider Solutions, a healthcare IT vendor handling insurance eligibility verification and billions of transactions, disclosed that a 2024 breach affected millions of Americans. The company discovered the incident in October 2025 and says the intrusion began in November 2024, when an unauthorised actor used a web portal to access historical eligibility reports.

This week TriZetto reported to Oregon’s Department of Justice that 3,433,965 people were impacted. States where breach notifications were filed include Oregon, New Hampshire, California, South Carolina, Massachusetts, Vermont and Texas. Texas reported 171,158 victims; South Carolina reported 3,562. Some private providers in Oklahoma and other states also confirmed exposure. TriZetto — a Cognizant subsidiary — and Cognizant did not publicly comment on the total figures.

Law enforcement was notified, and TriZetto hired Mandiant (a Google-owned incident response firm) to investigate. Affected people are being offered one year of credit monitoring. The incident follows wider concerns about third-party vendor risk and prior litigation involving Cognizant.

Key Points

  • A breach at TriZetto, discovered in October 2025, began in November 2024 and exposed insurance eligibility records.
  • TriZetto reported 3,433,965 people impacted to Oregon’s Department of Justice.
  • State breach notices filed in NH, CA, SC, MA, VT and TX; Texas reported 171,158 victims and South Carolina 3,562.
  • Exposed data reportedly includes Social Security numbers, addresses, health insurance numbers and other sensitive healthcare information.
  • TriZetto engaged Mandiant for incident response and notified law enforcement; affected individuals are offered one year of credit monitoring.
  • TriZetto is a Cognizant subsidiary; Cognizant previously faced litigation tied to a separate cyber incident, highlighting supply-chain risk.
  • Some affected parties are county governments and private medical providers across multiple states.

Context and relevance

This breach underlines an ongoing industry trend: third-party vendors handling health and insurance data are high-value targets and can amplify impact across providers and jurisdictions. For healthcare organisations and regulators, the incident raises questions about vendor access controls, logging, historical-data exposure and breach-notification processes.

For patients, the key concern is the sensitivity of leaked information (including SSNs and insurance identifiers) and the potential for fraud or identity theft. For security teams, the case reinforces the need for stricter vendor risk management, rapid detection, and robust incident response arrangements with external providers.

Why should I read this

Because this is a big, messy vendor breach that could touch millions of patients and dozens of healthcare providers — and if you work in healthcare, insurance or security (or you’re a patient worried about your data), you’ll want to know what happened, whether you were notified, and what protection is being offered. Quick read, saves you the time of digging through state notices.

Author’s take

Punchy and clear: TriZetto’s scale makes this headline-worthy. Millions affected, multiple state filings, and a vendor-of-record status mean fallout could be broad. If you’re responsible for data protection or customer notification, treat this as a reminder to recheck vendor access logs, notification responsibilities and remediation plans.

Source

Source: https://therecord.media/trizetto-healthcare-tech-company-data-breach-update