TriZetto Provider Solutions Discloses Year-Long Data Breach Affecting Healthcare Clients
TriZetto Provider Solutions, a Cognizant-owned revenue management services provider for healthcare organizations, has begun notifying healthcare clients about a cybersecurity incident involving unauthorized access to a web portal used by providers. The breach was first detected on October 2, 2025, when suspicious activity prompted immediate containment efforts. Cybersecurity firm Mandiant was engaged to investigate, confirming the threat actor had been removed from the system, with no further unauthorized access detected since the discovery.
Forensic analysis revealed the breach had been ongoing since November 2024, nearly a year before detection. The attacker accessed historical eligibility transaction reports containing protected health information (PHI) of patients from affected healthcare clients. Exposed data includes names, addresses, dates of birth, Social Security numbers, health insurance member numbers (including Medicare beneficiary IDs), insurer details, and other demographic and health-related information—though no financial data was compromised.
TriZetto completed its review of the compromised data by late November 2025, identifying the affected individuals and notifying impacted healthcare clients. Under the HIPAA Breach Notification Rule, affected providers must notify individuals within 60 days of being informed, meaning patient notifications are expected by early 2026. TriZetto has offered to manage breach notifications, regulatory filings (including to the HHS’ Office for Civil Rights), and media disclosures on behalf of its clients, as well as cover costs for credit monitoring, fraud consultation, and identity theft restoration services.
The full scope of the breach remains unclear, but given the 11-month window of unauthorized access, the incident could affect a significant number of patients. Updates are expected as further details emerge.
Source: https://www.hipaajournal.com/trizetto-provider-solutions-data-breach/
TriZetto Provider Solutions cybersecurity rating report: https://www.rankiteo.com/company/trizettoprovider
"id": "TRI1765483872",
"linkid": "trizettoprovider",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Healthcare provider clients '
'(physicians, hospitals, health '
'systems)',
'industry': 'Healthcare IT',
'name': 'TriZetto Provider Solutions',
'type': 'Business Associate (Healthcare Revenue '
'Management Services)'}],
'attack_vector': 'Web Portal Compromise',
'customer_advisories': 'Offer to handle breach notifications for affected '
'individuals, including credit monitoring and identity '
'theft restoration services',
'data_breach': {'file_types_exposed': 'Eligibility transaction reports',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Protected Health Information '
'and Personally Identifiable '
'Information)',
'type_of_data_compromised': ['Names',
'Addresses',
'Dates of Birth',
'Social Security Numbers',
'Health Insurance Member Numbers',
'Medicare Beneficiary Numbers',
'Health Insurer Names',
'Demographic Health Information',
'Health Insurance Information']},
'date_detected': '2025-10-02',
'date_publicly_disclosed': '2025-11-01',
'date_resolved': '2025-11-30',
'description': 'TriZetto Provider Solutions, a Cognizant-owned provider of '
'revenue management services to physicians, hospitals, and '
'health systems, notified certain healthcare clients about a '
'cybersecurity incident involving unauthorized access to a web '
'portal used to access TriZetto systems. The breach involved '
'the exposure of protected health information of patients of '
'certain healthcare provider clients.',
'impact': {'brand_reputation_impact': 'Potential reputational damage to '
'TriZetto and affected healthcare '
'providers',
'data_compromised': 'Protected Health Information (PHI)',
'identity_theft_risk': 'High (due to exposure of SSNs, Medicare '
'numbers, and other PII)',
'legal_liabilities': 'Potential HIPAA violations and regulatory '
'fines',
'operational_impact': 'Mitigation and investigation efforts '
'required',
'payment_information_risk': 'None (no financial information '
'exposed)',
'systems_affected': 'Web portal used by healthcare provider '
'customers'},
'initial_access_broker': {'entry_point': 'Web portal',
'high_value_targets': 'Historical eligibility '
'transaction reports '
'containing PHI',
'reconnaissance_period': 'November 2024 to October '
'2025'},
'investigation_status': 'Completed (forensic investigation concluded)',
'post_incident_analysis': {'corrective_actions': 'Enhanced security measures '
'(details not specified)',
'root_causes': 'Unauthorized access to web portal '
'and prolonged undetected access to '
'historical reports'},
'references': [{'source': 'HIPAA Journal'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA Breach Notification '
'Rule'],
'regulatory_notifications': 'HHS’ Office for Civil '
'Rights, state '
'regulators, and media '
'outlets (offered by '
'TriZetto)'},
'response': {'communication_strategy': 'Notifications to affected healthcare '
'clients, offer to handle breach '
'notifications on their behalf',
'containment_measures': 'Immediate action to secure the web '
'portal',
'incident_response_plan_activated': 'Yes',
'recovery_measures': 'Review of compromised data and '
'notification of affected clients',
'remediation_measures': 'Eradication of threat actor, forensic '
'investigation, and system review',
'third_party_assistance': 'Mandiant (cybersecurity firm)'},
'stakeholder_advisories': 'Notifications to affected healthcare clients with '
'lists of affected individuals and compromised data',
'threat_actor': 'Unauthorized Third Party',
'title': 'TriZetto Provider Solutions Data Breach',
'type': 'Data Breach'}