• Home
  • cyber
  • OCHIN, TriZetto Provider Solutions and SFCHC: San Francisco Community Health Center Data Breach Investigation
cyber Breach

OCHIN, TriZetto Provider Solutions and SFCHC: San Francisco Community Health Center Data Breach Investigation

Oct 2, 2025 2 min read
OCHIN, TriZetto Provider Solutions and SFCHC: San Francisco Community Health Center Data Breach Investigation

SFCHC Reports Data Breach Affecting Patient Information via Third-Party Vendor

San Francisco Community Health Center (SFCHC) disclosed a data breach involving sensitive patient information, stemming from a security incident at one of its business associates. On December 12, 2025, SFCHC was alerted by OCHIN a vendor managing its electronic health record system that TriZetto Provider Solutions (TriZetto), a subcontractor handling healthcare eligibility and claims, had experienced unauthorized access to its systems.

TriZetto’s investigation confirmed that an unauthorized third party may have accessed patient data linked to SFCHC between November 2024 and October 2, 2025. The exposed information varies by individual but includes names, Social Security numbers, addresses, dates of birth, and health insurance details such as member numbers, insurer names, and provider information.

SFCHC has since reviewed the impacted data to identify affected individuals and began mailing breach notification letters. In compliance with California regulations, the notices outline the specific types of compromised information and offer complimentary credit monitoring services to those affected. The breach report filed with the California Attorney General’s office provides further details.

Source: https://straussborrelli.com/2026/01/12/san-francisco-community-health-center-data-breach-investigation/

OCHIN, Inc. cybersecurity rating report: https://www.rankiteo.com/company/ochin

TriZetto Provider Solutions cybersecurity rating report: https://www.rankiteo.com/company/trizettoprovider

San Fernando Community Health Center cybersecurity rating report: https://www.rankiteo.com/company/sanfernandochc

"id": "OCHTRISAN1768259195",
"linkid": "ochin, trizettoprovider, sanfernandochc",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Patients of SFCHC',
                        'industry': 'Healthcare',
                        'location': 'San Francisco, California, USA',
                        'name': 'San Francisco Community Health Center (SFCHC)',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Healthcare IT',
                        'name': 'TriZetto Provider Solutions',
                        'type': 'Healthcare Clearinghouse'},
                       {'industry': 'Healthcare IT',
                        'name': 'OCHIN',
                        'type': 'Business Associate'}],
 'attack_vector': 'Third-Party Compromise',
 'customer_advisories': 'Data breach notification letters mailed to impacted '
                        'individuals with details of the incident and '
                        'complimentary credit monitoring services',
 'data_breach': {'personally_identifiable_information': ['Name',
                                                         'Social Security '
                                                         'number',
                                                         'Address',
                                                         'Date of birth',
                                                         'Health insurance '
                                                         'information (member '
                                                         'number, health '
                                                         'insurer name, '
                                                         'provider name, '
                                                         'primary insured and '
                                                         'dependents)'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Identifiable '
                                              'Information',
                                              'Protected Health Information']},
 'date_detected': '2025-12-12',
 'description': 'SFCHC reported a data breach where sensitive personal '
                'identifiable information and protected health information may '
                'have been compromised. The breach was discovered through a '
                'notification from OCHIN, SFCHC’s business associate, '
                'regarding a security incident involving TriZetto Provider '
                'Solutions, a subcontractor of OCHIN. Unauthorized access to '
                'sensitive data related to SFCHC patients occurred between '
                'November 2024 and October 2, 2025.',
 'impact': {'data_compromised': 'Sensitive personal identifiable information '
                                'and protected health information',
            'identity_theft_risk': 'High',
            'systems_affected': 'TriZetto Provider Solutions systems '
                                '(healthcare eligibility and claims '
                                'clearinghouse)'},
 'investigation_status': 'Ongoing',
 'recommendations': 'Provision of complimentary credit monitoring services to '
                    'affected individuals',
 'references': [{'source': 'Attorney General of California Breach Notice'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA'],
                           'regulatory_notifications': 'Breach notice filed '
                                                       'with the Attorney '
                                                       'General of California'},
 'response': {'communication_strategy': 'Data breach notification letters '
                                        'mailed to impacted individuals; '
                                        'breach notice filed with the Attorney '
                                        'General of California',
              'remediation_measures': 'Review of impacted data, identification '
                                      'of affected individuals, and mailing of '
                                      'data breach notification letters',
              'third_party_assistance': 'TriZetto launched an investigation'},
 'threat_actor': 'Unauthorized Third Party',
 'title': 'SFCHC Data Breach Involving TriZetto Provider Solutions',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.