Cognizant’s TriZetto Provider Solutions suffered a massive data breach that exposed the sensitive health and personal information of 3,433,965 individuals over nearly 11 months. The stolen data included names, addresses, birth dates, Social Security numbers, health insurance member numbers, Medicare beneficiary numbers, and provider information—a trove of identity theft material for millions of patients across the United States. TriZetto Provider Solutions, a Missouri-based revenue management platform owned by Cognizant, serves physicians, hospitals, and health systems, meaning the breach touched countless healthcare organizations and the patients who rely on them. This article examines what was compromised, how long attackers had access, what Cognizant is doing about it, the legal fallout, and what affected individuals should do right now to protect themselves.
Table of Contents
- What Exactly Was Stolen in the TriZetto Breach?
- How Long Did Attackers Have Access, and When Was It Discovered?
- Who Is TriZetto, and Why Was Healthcare Data So Vulnerable?
- What Is Cognizant Offering Affected Individuals?
- What Legal Action Has Been Taken Against Cognizant?
- What Should Affected Individuals Do Right Now?
- Lessons from the TriZetto Breach for Healthcare Security
- Conclusion
- Frequently Asked Questions
What Exactly Was Stolen in the TriZetto Breach?
The TriZetto breach exposed a comprehensive personal and healthcare profile for each affected individual. Attackers obtained names, addresses, and birth dates—the foundational elements for identity theft. More critically, Social Security numbers were stolen, which can be used to open accounts, file fraudulent tax returns, or apply for credit in someone else’s name. The breach also exposed health insurance member numbers and Medicare beneficiary numbers, which criminals can exploit to fraudulently bill insurance companies or access medical services under stolen identities.
What distinguishes this breach from many others is that Cognizant confirmed what was *not* stolen: financial account information, such as bank account numbers or credit card data, was not compromised. However, when someone has your Social Security number, address, date of birth, and insurance information, financial account theft becomes far easier. A thief with this profile can phone a bank’s customer service line, navigate security questions using the stolen data, and gain access to accounts. The breach also included provider and health insurer names and primary insured information, giving attackers a complete roadmap of victims’ healthcare relationships.

How Long Did Attackers Have Access, and When Was It Discovered?
The unauthorized access began on November 19, 2024, and continued undetected for nearly 11 months. In early October 2025—almost a year after the breach started—suspicious activity was finally identified in a web portal used by healthcare providers. However, TriZetto did not learn the full scope of the breach until November 28, 2025, when investigators determined how much data had been stolen. This timeline is troubling: attackers had nearly a full year to exfiltrate millions of patient records before anyone noticed.
The notification lag was significant. Affected providers were notified on December 9, 2025, and affected individuals did not begin receiving notification letters until early February 2026. This delay meant that victims were potentially at risk for credit fraud or identity theft for months without knowing their information was compromised. The late discovery and slow notification underscore a critical vulnerability in healthcare security: attackers can spend months inside systems stealing data before detection, and even after detection, there can be a weeks-long gap before patients learn they’re at risk.
Who Is TriZetto, and Why Was Healthcare Data So Vulnerable?
TriZetto Provider Solutions is a healthcare revenue management platform owned by Cognizant, a large multinational IT services company. TriZetto processes sensitive data for physicians, hospitals, and health systems across the United States—making it a high-value target for cybercriminals and a critical infrastructure point for American healthcare. A breach of such a system ripples across the entire industry, affecting not just one hospital but potentially hundreds of healthcare organizations and millions of patients.
The specific vulnerability that allowed 11 months of unauthorized access has not been publicly detailed, but Cognizant engaged Mandiant, a leading cybersecurity firm owned by Google, to investigate and conduct a security review. This suggests the breach likely resulted from a sophisticated attack, poor access controls, a lack of proper network segmentation, or all three. For healthcare companies, this breach is a reminder that HIPAA compliance alone is not sufficient; attackers routinely breach HIPAA-compliant organizations. The fact that Mandiant was brought in indicates Cognizant recognized the severity and wanted independent confirmation of how deep the compromise went.

What Is Cognizant Offering Affected Individuals?
In response to the breach, Cognizant partnered with Kroll, a firm specializing in incident response and credit monitoring services, to offer 12 months of complimentary credit monitoring and identity theft protection to all affected individuals. Twelve months of free monitoring is a standard breach response, but it’s often insufficient. A thief with your Social Security number can open accounts, establish credit history, and launch fraud that may take years to fully discover and remediate—well beyond the 12-month window. Affected individuals also have the right to obtain a copy of their credit report for free and to place a fraud alert on their credit file, which makes it harder for fraudsters to open new accounts in someone’s name.
However, fraud alerts expire after one year and must be renewed, and they do not prevent all fraud. A more aggressive option is a credit freeze, which prevents anyone—even legitimate creditors—from accessing your credit report without permission. This requires verification and costs money in most states, though a freeze placed in response to a confirmed breach may be free. Cognizant’s 12-month monitoring is a start, but affected individuals would be wise to consider a credit freeze as well, particularly if they have not previously been a victim of identity theft.
What Legal Action Has Been Taken Against Cognizant?
Multiple class-action lawsuits have been filed against Cognizant in U.S. federal courts, with cases filed in New Jersey and Missouri. The lawsuits allege that Cognizant failed to adequately protect sensitive patient data and that the company was negligent in its delayed breach disclosure. As of March 2026, no settlement has been reached; the lawsuits remain in early stages and discovery is ongoing.
A critical limitation of class-action litigation is timing: lawsuits can take years to resolve, and settlements may not cover the full cost of identity theft for all victims. Some affected individuals may receive a small cash settlement (often $10 to $50 per person) along with an extended monitoring period, but this rarely compensates for hours spent correcting fraudulent accounts or resolving identity theft. Additionally, some class-action settlements are structured so that unclaimed funds revert to the defendant or go to cy pres organizations, meaning victims who do not file a claim receive no compensation at all. If you are affected by this breach, it’s worth monitoring legal databases and major news outlets for settlement announcements, but do not assume a lawsuit will fully compensate you for the damage.

What Should Affected Individuals Do Right Now?
If you received notification that your data was compromised in the TriZetto breach, act immediately. First, sign up for the complimentary Kroll credit monitoring service provided by Cognizant. Second, request your free credit reports from all three credit bureaus—Equifax, Experian, and TransUnion—and review them carefully for any accounts you did not open. Look for new credit cards, loans, or inquiries from creditors; these can indicate fraud in progress. Third, consider placing a credit freeze with all three credit bureaus if you have not already done so. A freeze is your strongest defense against someone opening accounts in your name.
Fourth, monitor your healthcare provider accounts and health insurance accounts for unauthorized access. If you spot suspicious activity on any account, report it immediately and follow your provider’s fraud procedures. Finally, watch for unsolicited mail, unexpected bills, or calls from collection agencies about debts you did not incur. These are warning signs of fraud that may not show up on your credit report immediately.
Lessons from the TriZetto Breach for Healthcare Security
The TriZetto breach is not the first healthcare data breach, and it will not be the last. However, it underscores several critical gaps in the healthcare industry’s approach to security. First, HIPAA compliance does not prevent breaches; thousands of HIPAA-compliant organizations have suffered major breaches because compliance is a baseline, not a guarantee of security. Second, the 11-month window between breach start and detection shows that healthcare companies often lack robust network monitoring and intrusion detection. Third, the delay in notifying patients reveals that healthcare organizations may not have robust incident response plans in place.
For healthcare organizations using TriZetto or similar revenue cycle management platforms, this breach should prompt immediate review of access logs, network segmentation, and vendor security assessments. For patients and individuals, this breach is a stark reminder that your health data is worth stealing—more valuable, in many cases, than financial data—and that you cannot rely solely on companies to protect it. Taking personal responsibility through credit freezes, regular credit monitoring, and vigilant account oversight is now a necessity.
Conclusion
The Cognizant TriZetto breach exposed the health data and personal information of 3.4 million individuals, including Social Security numbers, over nearly 11 months of unauthorized access. While Cognizant has engaged incident response experts, offered 12 months of credit monitoring, and defended against class-action lawsuits, affected individuals cannot assume the company’s response is sufficient. The 11-month gap between breach initiation and detection highlights the reality that healthcare organizations, despite regulatory compliance, can fail to detect sophisticated attacks.
If you were notified of exposure in this breach, enroll in credit monitoring, obtain your credit reports, consider a credit freeze, and monitor your accounts closely. Settlements from class-action litigation may take years and may not fully compensate you for the harm caused by identity theft. Your best defense is vigilance, documented activity, and proactive steps to restrict access to your credit and healthcare information. As healthcare breaches grow larger and more common, personal protection measures are no longer optional.
Frequently Asked Questions
Will Cognizant cover the cost of fixing identity theft?
Cognizant is offering 12 months of free credit monitoring and identity theft protection. However, if you experience actual fraud, you’ll need to dispute unauthorized accounts yourself with creditors and credit bureaus. Cognizant’s liability in lawsuits is still being determined, but affected individuals may receive modest settlements after years of litigation.
Is it worth placing a credit freeze if Cognizant is offering monitoring?
Yes. Credit monitoring alerts you after fraud occurs; a credit freeze prevents most fraud from happening in the first place. A freeze blocks unauthorized parties from opening accounts in your name, though you’ll need to temporarily lift it when applying for credit yourself.
How long until I hear about a settlement in the lawsuits?
Class-action lawsuits typically take 2-4 years to resolve, with settlements reached after discovery and preliminary approval phases. Even then, not all affected individuals receive compensation; settlement funds sometimes go unclaimed or revert to the defendant.
Could my health insurance rates go up because my data was breached?
No. Insurance companies cannot legally increase rates due to a data breach. However, if fraudsters use your health insurance information to file false claims, you may need to dispute those claims with your insurance company.
What if I discover fraud on my account months from now?
Report it immediately to your bank, credit card company, and health insurance provider. You can also file a report with the FTC at IdentityTheft.gov. Document everything, and file a dispute with the credit bureaus. Many states have laws requiring businesses to investigate fraud claims and correct inaccurate information.
Should I opt out of my health insurance while monitoring for fraud?
No. Canceling your insurance creates other risks. Instead, continue monitoring your insurance account for unauthorized charges, and don’t assume a bill is fraudulent just because it’s unfamiliar—always verify with your provider first.
