Massive U.S. Healthcare Data Breach Exposes Millions in Sensitive Information
A 2024 data breach at TriZetto Provider Solutions, a healthcare technology company handling over four billion insurance transactions annually, has exposed the sensitive information of 3.4 million people across the U.S. The breach, which began in November 2024, was discovered in October after a hacker accessed historical eligibility reports through a web portal.
Impact and Scope
Initially, Oregon county governments reported that 700,000 residents had data leaked, including Social Security numbers, addresses, and health insurance details. This week, TriZetto updated the figure to 3,433,965 affected individuals, filing breach notifications in New Hampshire, California, South Carolina, Massachusetts, Vermont, and Texas. Only Texas (171,158 victims) and South Carolina (3,562 victims) reported specific numbers. Private medical providers in Oklahoma and other states also confirmed exposure.
Investigation and Response
TriZetto hired Mandiant (Google’s incident response firm) to investigate and contacted law enforcement after discovering the breach. The company began notifying customers in December, with some clients requesting TriZetto file breach reports on their behalf with the U.S. Department of Health and Human Services’ Office for Civil Rights and state agencies. Affected individuals are being offered one year of credit monitoring services.
Company Background
TriZetto, a subsidiary of IT giant Cognizant, provides insurance-eligibility verification software to public and private healthcare providers. Neither company has publicly commented on the breach or confirmed the total number of victims. This incident follows a 2023 lawsuit against Cognizant by Clorox, alleging its help desk was responsible for a cyberattack costing hundreds of millions.
Source: https://therecord.media/trizetto-healthcare-tech-company-data-breach-update
TriZetto Provider Solutions cybersecurity rating report: https://www.rankiteo.com/company/trizettoprovider
"id": "TRI1772047212",
"linkid": "trizettoprovider",
"type": "Breach",
"date": "11/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{
    'affected_entities': [
        {
            'customers_affected': '3,433,965',
            'industry': 'Healthcare',
            'location': 'U.S.',
            'name': 'TriZetto Provider Solutions',
            'size': 'Large (handles over 4 billion transactions annually)',
            'type': 'Healthcare Technology Company'
        },
        {
            'customers_affected': '700,000',
            'industry': 'Public Sector',
            'location': 'Oregon, U.S.',
            'name': 'Oregon county governments',
            'type': 'Government'
        },
        {
            'industry': 'Healthcare',
            'location': 'Oklahoma and other states, U.S.',
            'name': 'Private medical providers',
            'type': 'Healthcare Providers'
        }
    ],
    'attack_vector': 'Web portal',
    'customer_advisories': 'One year of credit monitoring services offered to '
                           'affected individuals',
    'data_breach': {
        'number_of_records_exposed': '3,433,965',
        'personally_identifiable_information': 'Social Security numbers, addresses',
        'sensitivity_of_data': 'High (Social Security numbers, addresses)',
        'type_of_data_compromised': 'Personally Identifiable Information (PII), '
                                    'Health Insurance Details'
    },
    'date_detected': '2024-10',
    'date_publicly_disclosed': '2024-12',
    'description': 'A 2024 data breach at TriZetto Provider Solutions, a '
                   'healthcare technology company handling over four billion '
                   'insurance transactions annually, has exposed the sensitive '
                   'information of 3.4 million people across the U.S. The breach '
                   'began in November 2024 and was discovered in October after a '
                   'hacker accessed historical eligibility reports through a web '
                   'portal.',
    'impact': {
        'data_compromised': 'Social Security numbers, addresses, health '
                            'insurance details',
        'identity_theft_risk': 'High',
        'systems_affected': 'Insurance eligibility verification software'
    },
    'initial_access_broker': {'entry_point': 'Web portal'},
    'investigation_status': 'Ongoing',
    'references': [{'source': 'Breach notifications filed in multiple states'}],
    'regulatory_compliance': {
        'regulations_violated': 'HIPAA (implied)',
        'regulatory_notifications': 'Filed with U.S. Department of Health and '
                                    'Human Services’ Office for Civil Rights '
                                    'and state agencies'
    },
    'response': {
        'communication_strategy': 'Customer notifications began in December 2024',
        'law_enforcement_notified': 'Yes',
        'third_party_assistance': 'Mandiant (Google’s incident response firm)'
    },
    'title': 'Massive U.S. Healthcare Data Breach Exposes Millions in Sensitive '
             'Information',
    'type': 'Data Breach'
}