Credit: Dmitry/Adobe Stock
TriZetto Provider Solutions last week confirmed that a hack of its systems that began in November 2024 ended up affecting the records of 3.4 million medical practice patients.
TriZetto is part of Cognizant, a giant technology services company, and physicians use TriZetto systems to run their practices and handle activities such as filing claims with health plans and health insurers.
The records affected by the TriZetto breach may have included a patient's name, address, date of birth, Social Security number, health insurance member number, provider name, health insurer name, and name of the primary insured, according to a model notice the company filed with the Office of the Maine Attorney General, which posts detailed breach information.
"The incident did not affect any payment card, bank account or other financial information," TriZetto said. "At this time, we are not aware of any identity theft or fraud related to the use of any affected individual's information, including yours."
TriZetto is offering people affected by the breach 12 months of credit monitoring from Kroll.
The breach: TriZetto says in the new model notice that it learned about the data affected by the breach Nov. 28, 2025, and notified affected health care providers Dec. 9, 2025.
Gardner Health Services, a clinic in San Jose, California, said in a breach notice it filed with California regulators Dec. 22, 2025, that TriZetto told it Dec. 9, 2025, that TriZetto became aware of suspicious activity in a web portal Oct. 2, 2025.
TriZetto "determined that, beginning in November 2024, an unauthorized person began accessing some records related to insurance eligibility verification transactions that health care providers process to assess insurance coverage for treatment services they provide to patients," according to the Gardner notice.
The backdrop: News organizations have been paying less attention to data breaches in the wake of reports that a February 2024 breach of UnitedHealth's Change Healthcare health care administration systems unit affected the records of 190 million people.
But health care, health finance and health system services have continued to report many smaller breaches since then.
An attack on Aflac in June 2025 affected about 23 million people, and an attack on a vendor that serves Blue Cross Blue Shield Montana in late 2024 and early 2025 affected one-third of the people living in Montana.
A breach of UnitedHealth's own Episource medical billing and claims analysis business in early 2025 may have affected the data of up to 5.4 million people.
What it means: Employers and health plans need to update their strategies for determining whether benefit plan participants really are who they appear to be, given that wrongdoers can now find most people's names, birthdates, Social Security numbers, and answers to common identity verification questions available for sale on the dark web.
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.