TriZetto Confirms 2024 Cyberattack Exposing 3.4 Million Patients’ Data
Health technology firm TriZetto, a subsidiary of Cognizant, disclosed a 2024 cyberattack that compromised the personal and health information of over 3.4 million individuals. The breach, detected on October 2, 2025, remained undetected for nearly a year, with hackers gaining access as early as November 2024.
TriZetto, which processes insurance eligibility transactions for 200 million patients across 875,000 U.S. healthcare providers, confirmed in a filing with Maine’s attorney general that stolen data included names, dates of birth, addresses, Social Security numbers, provider details, and insurance information. The company stated that not all customers were affected.
Affected organizations include OCHIN, a nonprofit serving 300 rural and community care providers, as well as multiple California-based healthcare entities. Cognizant confirmed the threat was neutralized but did not explain the delayed detection.
This incident follows the 2024 ransomware attack on Change Healthcare, which disrupted U.S. medical services and exposed 192 million patient records. TriZetto’s breach underscores ongoing vulnerabilities in the healthcare sector’s cybersecurity defenses.
OCHIN, Inc. cybersecurity rating report: https://www.rankiteo.com/company/ochin
Cognizant cybersecurity rating report: https://www.rankiteo.com/company/cognizant
TriZetto Healthcare cybersecurity rating report: https://www.rankiteo.com/company/trizetto-healthcare
"id": "OCHCOGTRI1772814516",
"linkid": "ochin, cognizant, trizetto-healthcare",
"type": "Breach",
"date": "10/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '3.4 million individuals',
'industry': 'Healthcare',
'location': 'U.S.',
'name': 'TriZetto',
'type': 'Health Technology Firm'},
{'industry': 'Healthcare',
'location': 'U.S.',
'name': 'OCHIN',
'size': 'Serving 300 rural and community care '
'providers',
'type': 'Nonprofit'},
{'industry': 'Healthcare',
'location': 'California, U.S.',
'name': 'Multiple California-based healthcare entities',
'type': 'Healthcare Providers'}],
'data_breach': {'number_of_records_exposed': '3.4 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Dates of birth',
'Addresses',
'Social Security numbers',
'Provider details',
'Insurance information']},
'date_detected': '2025-10-02',
'description': 'Health technology firm TriZetto, a subsidiary of Cognizant, '
'disclosed a 2024 cyberattack that compromised the personal '
'and health information of over 3.4 million individuals. The '
'breach remained undetected for nearly a year, with hackers '
'gaining access as early as November 2024. Stolen data '
'included names, dates of birth, addresses, Social Security '
'numbers, provider details, and insurance information.',
'impact': {'data_compromised': 'Personal and health information of over 3.4 '
'million individuals',
'identity_theft_risk': 'High'},
'references': [{'source': 'Maine’s attorney general filing'}],
'regulatory_compliance': {'regulatory_notifications': 'Filing with Maine’s '
'attorney general'},
'response': {'containment_measures': 'Threat neutralized'},
'title': 'TriZetto Confirms 2024 Cyberattack Exposing 3.4 Million Patients’ '
'Data',
'type': 'Data Breach'}