TriZetto Vendor Data Breach Exposes Patient Information in Third-Party Incident
Adapt Integrated Health Care has disclosed a data breach involving TriZetto, a third-party vendor that provides electronic medical record services through OCHIN. The incident, first reported to Adapt on December 10, 2015, involved an unauthorized individual gaining access to one of TriZetto’s systems.
Potentially compromised data includes names, Social Security numbers, dates of birth, contact details, health-related information, and insurance records. While not all patients were affected, TriZetto plans to begin sending individual notification letters in February 2026 to those impacted.
Adapt confirmed that its internal systems were not breached the incident occurred at a subcontractor of one of its vendors. The organization is collaborating with OCHIN to strengthen security measures and review its own processes to prevent future risks.
TriZetto has set up a dedicated call center (844-572-2724) and is working with vendor Kroll to provide notification services, call center support, and identity theft protection, including pre-paid credit monitoring for affected individuals. Additional updates may be sent by TriZetto or Kroll.
The breach highlights the risks of third-party vendor vulnerabilities in healthcare data security.
TriZetto Healthcare Products cybersecurity rating report: https://www.rankiteo.com/company/trizetto-healthcare-products
AdaptHealth cybersecurity rating report: https://www.rankiteo.com/company/adapthealth
"id": "TRIADA1769117193",
"linkid": "trizetto-healthcare-products, adapthealth",
"type": "Breach",
"date": "12/2015",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Potentially some patients (not '
'all)',
'industry': 'Healthcare',
'name': 'Adapt Integrated Health Care',
'type': 'Healthcare Provider'},
{'industry': 'Healthcare IT',
'name': 'TriZetto',
'type': 'Third-Party Vendor'},
{'industry': 'Healthcare IT',
'name': 'OCHIN',
'type': 'Subcontractor/Vendor'}],
'attack_vector': 'Unauthorized system access',
'customer_advisories': 'Notification letters to be sent starting February '
'2026, call center support available',
'data_breach': {'personally_identifiable_information': 'Names, Social '
'Security numbers, '
'dates of birth, '
'contact details, '
'insurance records',
'sensitivity_of_data': 'High (PII, health records, SSNs)',
'type_of_data_compromised': 'Patient information'},
'date_detected': '2015-12-10',
'description': 'Adapt Integrated Health Care disclosed a data breach '
'involving TriZetto, a third-party vendor providing electronic '
'medical record services through OCHIN. An unauthorized '
'individual gained access to one of TriZetto’s systems, '
'potentially compromising patient information.',
'impact': {'data_compromised': 'Names, Social Security numbers, dates of '
'birth, contact details, health-related '
'information, insurance records',
'identity_theft_risk': 'High',
'systems_affected': 'TriZetto’s systems (third-party vendor)'},
'lessons_learned': 'Highlights risks of third-party vendor vulnerabilities in '
'healthcare data security',
'post_incident_analysis': {'corrective_actions': 'Strengthening security '
'measures, reviewing '
'processes with OCHIN',
'root_causes': 'Third-party vendor vulnerability '
'(TriZetto system access)'},
'references': [{'source': 'Incident disclosure by Adapt Integrated Health '
'Care'}],
'response': {'communication_strategy': 'Dedicated call center (844-572-2724), '
'notification letters starting '
'February 2026',
'remediation_measures': 'Strengthening security measures, '
'reviewing processes',
'third_party_assistance': 'Kroll (notification services, call '
'center support, identity theft '
'protection)'},
'title': 'TriZetto Vendor Data Breach Exposes Patient Information in '
'Third-Party Incident',
'type': 'Data Breach'}