Health tech giant TriZetto has confirmed that a cyberattack stole the personal and health information of more than 3.4 million people. The company failed to detect the breach for almost a year.
TriZetto, owned by the multinational conglomerate Cognizant, serves approximately 200 million people across 875,000 healthcare providers in the United States. Doctors’ offices and healthcare providers use TriZetto’s systems to assess patients’ insurance eligibility for medical treatments.
In a recent filing with Maine’s attorney general, TriZetto stated that hackers stole patients’ insurance eligibility transaction reports from its servers. The stolen data includes personal information such as names, dates of birth, home addresses, and Social Security numbers. It also includes healthcare details like provider names, demographic data, and health and insurance information.
TriZetto identified the breach on October 2, 2025, but later discovered that the hackers had access to its systems as far back as November 2024. A spokesperson for Cognizant did not immediately respond to requests for comment, including questions about why it took the company a year to detect the intrusion.
Several healthcare organizations have confirmed that their patients’ information was compromised. One is OCHIN, a nonprofit consultancy that provides technology to about 300 rural and community care providers. Other healthcare providers across California have also confirmed they were affected.
According to TriZetto, not every customer was impacted by the breach.
TriZetto is the latest major health tech company to confirm a significant hack. In 2024, a ransomware attack at Change Healthcare, another giant that processes billions of healthcare transactions, resulted in the theft of over 192 million patient files. That cyberattack caused widespread outages across the U.S., leaving many people without access to medical treatments or medications.