Major health provider data breach may have affected thousands more people - over 700k now thought to have been hit

News
By published

TriZetto Provider Solutions breach was spotted in October 2025

x
(Image credit: Shutterstock)
  • TriZetto Provider Solutions breach exposed sensitive data of over 700,000 individuals
  • Stolen information includes names, SSNs, insurer details, and member numbers
  • Breach led to class-action lawsuits against Cognizant, TPS’s parent company

The number of people affected by the TriZetto Provider Solutions (TPS) data breach is now thought to have exceeded 700,000 people - far more than initially thought.

Deschutes County Health Services (DCHS), one of TPS’ customers, confirmed the news in a recent data breach notification published on its website.

In the data breach notification letter, it was said that TPS spotted unauthorized activity in October 2025 and launched an investigation, which determined that threat actors broke in almost a year prior - in November 2024. Since then, they have been exfiltrating sensitive personal and health data on more than 700,000 people.

Extorting the victims

The data belongs to TPS’ customers, it was said, and some of the affected organizations are Deschutes County Health Services, Best Care, and the La Pine Community Health Center. None of these companies were breached themselves - the breach occurred solely in TPS’ infrastructure.

The exposed data varies from person to person, but generally includes people’s names, addresses, birth dates, Social Security numbers (SSN), health insurer names, health insurance member numbers, and provider names.

DCHS stressed no medical diagnosis or treatment information, as well as payment data, was taken in the attack.

TriZetto Provider Solutions is a healthcare technology company and a subsidiary of Cognizant that provides healthcare organizations with software and services for revenue cycle management and claims processing.

Some of its customers include Denver Health and Hospital Authority, EmblemHealth, Bucksport Regional Health Center, and others.

We don’t know exactly how the attack happened, or who the threat actors were. The data, at press time, has not yet been abused in attacks, but it can be used in all sorts of scams. For example, crooks can run highly targeted scams and phishing, pretending to be a health insurer, tricking people into revealing more information, or making payments.

Also, they can carry out medical identity fraud, using insurance member numbers and insurer details to obtain medical services, prescription drugs, or submit fake insurance claims.

According to The Register, the breach resulted in multiple class-action lawsuits against Cognizant.

Via The Register

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.