TriZetto Provider Solutions, a healthcare technology subsidiary of global IT services company Cognizant, has disclosed a major cybersecurity incident that exposed sensitive health information belonging to 3,433,965 patients.
The organization confirmed the breach in an official data breach notification, revealing that malicious threat actors successfully compromised its external systems. The incident highlights the growing cybersecurity risks facing healthcare supply chains and third-party technology providers that manage critical medical data.
FCRF Launches Flagship Certified Fraud Investigator (CFI) Program
Breach Timeline and Attack Impact
According to the disclosure, unauthorized access to TriZetto’s external network first occurred on November 19, 2024. However, the company did not discover the intrusion until November 28, 2025, meaning the attackers remained undetected within the infrastructure for more than a year.
The breach has been categorized as an external system hacking incident. During the intrusion, cybercriminals reportedly extracted patients’ full names and other personal identifiers combined with sensitive healthcare information.
The unusually long dwell time has raised serious concerns about network monitoring, detection systems, and threat-hunting capabilities in the healthcare technology sector.
The Maine Attorney General’s office received the official breach notification on February 6, 2026, submitted by legal counsel Edward Zacharias from McDermott Will & Schulte. While millions of patients across the United States were affected, 1,128 victims were identified as residents of Maine.
Given its scale, the incident is being considered one of the largest healthcare supply chain data breaches reported in recent times.
Remediation and Victim Protection
After discovering the compromised infrastructure, TriZetto launched a formal incident response investigation and began notifying affected individuals on February 6, 2026.
Because the stolen data includes personally identifiable information linked with medical records, affected patients may face increased risks such as:
- Targeted spear-phishing attacks
- Medical identity theft
- Financial fraud
FutureCrime Summit 2026: Registrations to Open Soon for India’s Biggest Cybercrime Conference
To comply with regulatory disclosure requirements, the company is sending written notification letters to all impacted patients.
TriZetto has also partnered with the cybersecurity firm Kroll to support affected individuals. As part of its response measures, the company is offering 12 months of complimentary single-bureau credit monitoring and identity theft protection services.
Cybersecurity experts are advising affected patients to take additional precautions, including freezing their credit reports and closely monitoring medical billing statements for any unauthorized or suspicious activity.
Security analysts say the incident serves as another reminder that healthcare technology providers remain prime targets for cybercriminals, largely because of the high value of medical and personal data stored within their systems.
Experts emphasize that organizations must strengthen security monitoring, improve threat detection capabilities, and ensure timely incident response to prevent long-term undetected intrusions and protect sensitive patient data.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
