Mar 08, 2026 · 5 min read

Hackers Had Access to 3.4 Million Patients’ Records for a Year—The Company Just Started Telling People

TriZetto Provider Solutions, a Cognizant subsidiary that processes insurance data for 875,000 healthcare providers, took nearly a year to detect the breach and months more to notify patients.

Hospital hallway with electronic medical record screens visible through glass doors with a subtle digital glitch effect on one screen

A Year of Undetected Access

TriZetto Provider Solutions, a healthcare IT company owned by multinational conglomerate Cognizant, confirmed in March 2026 that hackers accessed its web portal and stole personal and health data belonging to more than 3.4 million people. The breach ranks as one of the largest healthcare data incidents confirmed this year.

The timeline is what makes this breach particularly concerning. According to TriZetto's own forensic investigation, unauthorized access to patient records began in November 2024. The company did not detect the suspicious activity until October 2, 2025, nearly 11 months later. Notification letters to affected patients did not begin until early February 2026, more than a year after the initial compromise.

For 3.4 million people, their most sensitive personal data was exposed for the better part of a year before anyone knew.

What Was Stolen

The breach affected the revenue cycle management side of TriZetto's business, specifically the insurance eligibility verification system that healthcare providers use to check whether a patient's insurance covers a particular treatment. This is routine administrative data that flows through the system every time you visit a doctor.

The compromised records included:

Full names and home addresses
Dates of birth
Social Security numbers
Health insurance policy numbers
Medicare beneficiary numbers
Provider names and health insurer names
Primary insured information
Other demographic and health related data

This is not a dataset of email addresses and usernames. Social Security numbers, combined with insurance policy numbers and dates of birth, provide everything needed for medical identity theft, insurance fraud, and targeted phishing campaigns.

The Scale of TriZetto's Reach

TriZetto is not a household name, but its infrastructure touches a significant portion of the U.S. healthcare system. The company claims to serve approximately 200 million people across 875,000 healthcare providers throughout the country. Its parent company, Cognizant, is a Fortune 200 multinational with over $19 billion in annual revenue.

The breach did not require compromising a hospital's network or a patient portal directly. The attackers targeted the middleman, the insurance verification layer that sits between patients, providers, and insurers. This is the same pattern seen in other major healthcare breaches: third party systems that aggregate patient data from thousands of sources become single points of failure.

The Notification Delay

Under HIPAA's Breach Notification Rule, covered entities and their business associates must notify affected individuals within 60 days of discovering a breach. TriZetto's timeline pushes the boundaries of that requirement.

The breach was detected on October 2, 2025. TriZetto began notifying healthcare providers on December 9, 2025. Patient notification letters did not go out until early February 2026, approximately four months after discovery. For the patients themselves, the gap between when their data was stolen and when they learned about it stretched to well over a year.

This notification timeline follows a pattern that has become disturbingly common in healthcare breaches. The University of Hawaii Cancer Center waited six months to notify 1.2 million people after its own breach. The longer the delay, the more time attackers have to exploit stolen data before victims can take protective action.

Healthcare's Third Party Problem

The TriZetto breach is the latest in a series of incidents that expose the vulnerability of healthcare's sprawling supply chain. Hospitals and clinics rely on hundreds of third party vendors to process insurance claims, manage revenue cycles, store patient records, and handle administrative workflows. Each of these vendors becomes a potential entry point for attackers.

The healthcare sector has seen this pattern repeatedly in recent years:

McLaren Health was hit by ransomware twice and settled for $14 million
The Conduent breach affected 25 million Americans through a contractor serving state health agencies
Kaiser Permanente's tracking pixels sent 13 million patients' data to Google for seven years

In each case, patients had no relationship with the breached entity and no way to know their data was being processed by that company. The healthcare system's dependence on invisible intermediaries means that a breach at a company most people have never heard of can expose millions of records overnight.

What Affected Patients Should Do

If you received a notification letter from TriZetto or your healthcare provider, take these steps immediately:

Place a credit freeze with all three major bureaus (Equifax, Experian, TransUnion) to prevent new accounts from being opened with your stolen SSN
Monitor your health insurance statements for unfamiliar claims or providers, which may indicate medical identity theft
Request your medical records from providers to verify that no fraudulent treatments have been added under your name
Be alert for phishing emails referencing your healthcare providers, insurance plans, or the TriZetto breach itself, as attackers often use stolen data to craft convincing follow up scams

TriZetto is offering affected individuals credit monitoring services, but given that the breach went undetected for nearly a year, the stolen data has already had more than enough time to circulate.