Another major healthcare cyberattack has surfaced, and it involves a company most patients have never heard of. A health technology company that helps doctors verify insurance coverage has confirmed hackers stole personal and medical information belonging to more than 3.4 million people. The company, TriZetto, operates behind the scenes in the U.S. healthcare system, helping providers check patient insurance before treatments.
The breach raises new questions about how long attackers can remain inside critical healthcare systems before anyone notices. Here is what happened and why it matters.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com - trusted by millions who watch CyberGuy on TV daily. Plus, you'll get instant access to my Ultimate Scam Survival Guide free when you join.
TriZetto may not be a household name, but its technology plays a major role in everyday healthcare transactions. The company is owned by the multinational technology firm Cognizant and provides tools that healthcare providers use to verify insurance eligibility and process coverage checks before treatment. When a doctor's office confirms whether your insurance will cover a visit or procedure, that request often travels through systems like TriZetto.
$163K IN FAKE MEDICAL BILL CHARGES; AI UNCOVERS IT FOR YOU
According to the company, its services help support healthcare operations tied to about 200 million people through more than 875,000 providers across the United States. That scale also makes the company an attractive target for cybercriminals.
TriZetto said hackers accessed insurance eligibility transaction reports stored on its servers. Those reports can contain a surprising amount of personal and health information.
The stolen data may include:
The company said not every customer was affected by the breach. However, several healthcare organizations have confirmed that patient information was compromised. One of them is OCHIN, a nonprofit healthcare technology group that supports about 300 rural and community care providers across the United States. Some healthcare providers in California have also reported that their patient data was exposed.
One of the most concerning details is how long the attackers may have been inside the company's systems. TriZetto said it discovered the breach on October 2, 2025. Later investigation revealed that hackers may have gained access as far back as November 2024.
That means attackers could have remained inside the network for nearly a year. Cognizant spokesperson William Abelson said the company removed the threat from its systems after identifying the breach. However, the company has not explained why the intrusion went undetected for so long.
For cybersecurity experts, this type of delay is a serious concern. The longer attackers stay hidden inside a network, the more data they can collect.
This incident fits into a troubling trend across the healthcare industry. Medical organizations store highly sensitive information that includes identity details, insurance records and personal health data. That combination makes healthcare systems especially valuable targets for cybercriminals.
A major example occurred in 2024 when ransomware attackers targeted Change Healthcare. The company processes billions of healthcare transactions each year. Hackers stole more than 192 million patient records in that attack. The breach also caused widespread outages that disrupted prescriptions, billing and access to medical services across the United States. Events like these show how attacks on health technology companies can affect patients, hospitals and pharmacies across the country.
HOSPITAL CYBERATTACKS THREATEN PATIENT SAFETY
Medical data often sells for more than stolen credit card numbers. A single patient record can include identity information, insurance details and personal medical history. Criminals can use that data for identity theft, insurance fraud and targeted phishing scams.
In some cases, attackers also file fraudulent medical claims using stolen patient information. That makes health technology companies an increasingly common target for cyberattacks.
Most patients have little control over how healthcare technology companies protect their data. Still, there are steps you can take to reduce the risk of identity theft after a breach.
If you have health insurance or Medicare, pay close attention to Explanation of Benefits (EOB) statements after doctor visits or procedures. These documents show what was billed in your name, even if you do not owe anything. Look for services you did not receive, unfamiliar providers or duplicate charges. If something looks off, report it to your insurer or Medicare immediately. In some cases, fraud can trigger changes to your account, including issuing a new Medicare number.
Review insurance statements and medical bills carefully. Look for unfamiliar charges or services you never received. Also, check your bank and credit card statements for suspicious activity.
A credit freeze prevents criminals from opening new accounts using your Social Security number. The process is free and available through the major credit bureaus. You can temporarily lift the freeze anytime if you need to apply for credit.
COVENANT HEALTH DATA BREACH AFFECTS NEARLY 500,000 PATIENTS
Visit AnnualCreditReport.com to review your credit reports from the three major bureaus. Look for accounts, loans or inquiries you do not recognize. Early detection can prevent larger problems later.
Cybercriminals often follow large breaches with phishing emails or text messages. These messages may pretend to come from healthcare providers or insurers. Always verify suspicious messages before clicking links or sharing information. Installing strong antivirus software on your devices can also help block malicious links, detect suspicious downloads and warn you about dangerous websites. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.
Many breaches expose personal details that data brokers collect and sell online. A data removal service can scan broker databases and request the removal of your personal information. This reduces the chances that scammers find your contact details and target you with fraud.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
Identity protection services can alert you if your personal information appears in suspicious transactions or on underground data marketplaces. Early alerts can help you act quickly if someone tries to misuse your data. See my tips and best picks on Best Identity Theft Protection at Cyberguy.com.
The TriZetto breach highlights how much personal health data flows through technology companies that most patients never see. When one of those systems is compromised, millions of people can be affected at once. Healthcare providers, insurers and technology vendors must strengthen cybersecurity protections as attacks on medical data continue to rise.
Here is something worth thinking about. How many companies currently hold your health data that you have never even heard of? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com - trusted by millions who watch CyberGuy on TV daily. Plus, you'll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
