TriZetto Confirms 2024 Cyberattack Exposing 3.4 Million Patients’ Data
TriZetto, a major U.S. health technology provider under Cognizant, disclosed a 2024 cyberattack that compromised the personal and medical data of over 3.4 million individuals. The breach, detected on October 2, 2025, went unnoticed for nearly a year, with unauthorized access dating back to November 2024.
The stolen data included sensitive information such as names, dates of birth, home addresses, Social Security numbers, health status details, provider names, and insurance records. TriZetto, which processes insurance eligibility for roughly 200 million patients through 875,000 healthcare providers, confirmed that patient eligibility reports were extracted from its servers.
Multiple organizations, including OCHIN a nonprofit serving 300 U.S. providers and several California-based medical providers, verified that their patients’ data was exposed. However, TriZetto stated that not all clients were affected.
The incident follows a 2024 ransomware attack on Change Healthcare, which resulted in the theft of 192 million patient files and caused widespread disruptions in medical services nationwide. TriZetto has not provided details on why the breach remained undetected for nearly a year, and Cognizant has not responded to requests for comment.
Source: https://mezha.net/eng/bukvy/trizetto_confirms_data/
TriZetto Healthcare Products cybersecurity rating report: https://www.rankiteo.com/company/trizetto-healthcare-products
Change Healthcare cybersecurity rating report: https://www.rankiteo.com/company/change-healthcare
OCHIN, Inc. cybersecurity rating report: https://www.rankiteo.com/company/ochin
"id": "TRICHAOCH1772815208",
"linkid": "trizetto-healthcare-products, change-healthcare, ochin",
"type": "Breach",
"date": "11/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '3.4 million individuals',
'industry': 'Healthcare',
'location': 'U.S.',
'name': 'TriZetto',
'type': 'Health Technology Provider'},
{'industry': 'Healthcare',
'location': 'U.S.',
'name': 'OCHIN',
'size': 'Serving 300 providers',
'type': 'Nonprofit'},
{'industry': 'Healthcare',
'location': 'California, U.S.',
'name': 'California-based medical providers',
'type': 'Healthcare Providers'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '3.4 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Dates of birth',
'Home addresses',
'Social Security numbers',
'Health status details',
'Provider names',
'Insurance records']},
'date_detected': '2025-10-02',
'description': 'TriZetto, a major U.S. health technology provider under '
'Cognizant, disclosed a 2024 cyberattack that compromised the '
'personal and medical data of over 3.4 million individuals. '
'The breach, detected on October 2, 2025, went unnoticed for '
'nearly a year, with unauthorized access dating back to '
'November 2024. The stolen data included sensitive information '
'such as names, dates of birth, home addresses, Social '
'Security numbers, health status details, provider names, and '
'insurance records. TriZetto processes insurance eligibility '
'for roughly 200 million patients through 875,000 healthcare '
'providers and confirmed that patient eligibility reports were '
'extracted from its servers.',
'impact': {'data_compromised': 'Personal and medical data of over 3.4 million '
'individuals',
'identity_theft_risk': 'High',
'systems_affected': 'TriZetto servers'},
'title': 'TriZetto Confirms 2024 Cyberattack Exposing 3.4 Million Patients’ '
'Data',
'type': 'Data Breach'}