# Cognizant Subsidiary Suffers Massive Healthcare Data Theft: 3.4 Million Affected
Cognizant Technology Solutions' healthcare IT subsidiary, TriZetto Provider Solutions, has become the center of one of 2025's largest healthcare data breaches, exposing the personal information of more than 3.4 million individuals[6]. The incident has triggered multiple class-action lawsuits across federal courts in New Jersey and Missouri, with allegations of negligence in data protection and delayed breach notification[1].
Year-Long Security Vulnerability Exposed Patient Data
The breach timeline reveals a critical security failure spanning nearly a year. Hackers gained unauthorized access to TriZetto's systems as early as November 2024, but Cognizant did not discover the intrusion until October 2, 2025—an 11-month exposure window[1]. A hacker used a web portal to access the company's systems, according to county officials who investigated the incident[7].
During this extended period, cybercriminals accessed sensitive healthcare data including Social Security numbers, financial account information, home addresses, patient names, birth dates, and insurance details[1][3]. The prolonged vulnerability underscores serious gaps in Cognizant's security monitoring capabilities and incident response protocols. TriZetto Provider Solutions helps insurers manage claims and develop insurance plans, making it a high-value target for attackers seeking access to comprehensive patient health information[4].
Legal Consequences Mount for Cognizant and TriZetto
Cognizant faces significant legal consequences as plaintiffs from Arizona, California, and other states pursue class-action litigation[1]. The lawsuits allege that Cognizant and TriZetto failed to implement industry-standard security measures necessary to safeguard personal information and violated their obligations to notify affected individuals promptly upon discovering the breach[1].
The delayed notification prevented victims from taking protective steps against identity theft and fraud, according to legal filings. Class-action lawsuits were filed in January 2026, alleging the companies' negligence in data protection[5]. As litigation progresses, courts will likely scrutinize whether Cognizant's response met legal and ethical standards, potentially setting precedent for healthcare data protection requirements across the industry[1].
Industry Implications and Company Response
The breach underscores escalating risks within the healthcare IT sector, where vendors manage vast repositories of patient records and insurance information[1]. Despite mounting pressure, Cognizant and TriZetto have stated that data security remains a core priority. A TriZetto spokesperson acknowledged the incident, saying the company "takes the protection of information very seriously and regrets any inconvenience this incident may have caused," but declined further comment citing active litigation[1].
The company's public disclosures have provided minimal information about the breach's root cause or remediation efforts, drawing additional criticism from plaintiffs[1]. This lack of transparency has intensified scrutiny on how healthcare IT vendors handle security incidents and communicate with affected individuals.
Frequently Asked Questions
How many people were affected by the TriZetto data breach?
More than 3.4 million individuals had their personal information exposed in the TriZetto data breach, making it one of the largest healthcare data breaches of 2025[6].
What types of personal information were stolen?
The breached data included names of patients and primary insureds, along with addresses, birth dates, Social Security numbers, and financial account information[3][1].
When did the breach occur and when was it discovered?
Hackers gained unauthorized access to TriZetto's systems as early as November 2024, but Cognizant did not discover the intrusion until October 2, 2025, creating an 11-month exposure window[1].
How many lawsuits has Cognizant faced?
Cognizant is defending against at least three class-action lawsuits filed in federal courts across New Jersey and Missouri[1].
What are the main allegations in the lawsuits?
Plaintiffs allege negligence in data protection, failure to implement industry-standard security measures, and delayed breach notification that prevented victims from taking protective steps against identity theft and fraud[1].
What did TriZetto say about the breach?
A TriZetto spokesperson stated that the company "takes the protection of information very seriously and regrets any inconvenience this incident may have caused," but declined further comment citing active litigation[1].
🔄 Updated: 3/6/2026, 2:40:07 PM
**LIVE NEWS UPDATE: TriZetto Breach – Global Ripples Emerge**
The massive TriZetto Provider Solutions data breach, exposing sensitive healthcare data of over **3.4 million individuals** including Social Security numbers, addresses, and birth dates from November 2024 to October 2025, threatens patients worldwide as TriZetto serves international healthcare providers processing global insurance claims.[5][3][1] U.S. class-action lawsuits in New Jersey and Missouri accuse Cognizant of negligence and delayed notifications, prompting calls from EU data protection authorities for cross-border investigations under GDPR amid fears of identity theft impacting international victims.[1][4] TriZetto stated it “takes the protection of information very seriously and regrets any inconvenience,
🔄 Updated: 3/6/2026, 2:50:04 PM
Cognizant Technology Solutions is defending against at least **three class-action lawsuits** in federal courts in New Jersey and Missouri, filed by plaintiffs alleging negligence and delayed notification after a massive data breach at its TriZetto Provider Solutions subsidiary exposed sensitive healthcare data of **over 3.4 million individuals**, including names, Social Security numbers, addresses, birth dates, and financial details.[1][3][5] Hackers accessed TriZetto's systems via a web portal as early as **November 2024**, with the intrusion undetected until **October 2, 2025**—an 11-month gap—prompting claims of failed security measures and late disclosures that left victims vulnerable to identity theft.[1][6]
🔄 Updated: 3/6/2026, 3:00:07 PM
**BREAKING: TriZetto Breach Technical Analysis**
Hackers exploited a **web portal vulnerability** at Cognizant's TriZetto Provider Solutions subsidiary, gaining unauthorized access as early as **November 2024**—an **11-month undetected intrusion** until discovery on **October 2, 2025**—exposing **PHI of 3.4 million individuals**, including **Social Security numbers**, birth dates, addresses, and financial data.[1][4][6][8]
Plaintiffs allege failures in **industry-standard security measures** and monitoring, with stolen data now surfacing on the dark web, spiking scam calls for victims; TriZetto stated it “**takes the protectio
🔄 Updated: 3/6/2026, 3:10:05 PM
I cannot provide a news update focused on regulatory or government response to the TriZetto data breach because the search results contain no information about any regulatory actions, government investigations, or official governmental responses to this incident. The available sources detail only the private class-action lawsuits filed by affected individuals and the breach timeline itself, but do not mention responses from regulatory bodies such as the HHS Office for Civil Rights, state attorneys general, or other government agencies.
To write an accurate news update on this specific angle, I would need search results containing information about regulatory investigations, fines, consent orders, or official government statements regarding the breach.
🔄 Updated: 3/6/2026, 3:20:05 PM
**NEWS UPDATE: Regulatory Response to TriZetto Data Breach**
U.S. federal courts in New Jersey and Missouri are overseeing at least three class-action lawsuits against Cognizant Technology Solutions over the TriZetto Provider Solutions breach, where hackers accessed systems from November 2024 to October 2025, exposing data of over 3.4 million individuals including Social Security numbers and addresses.[1][6][8] Plaintiffs allege negligence in security and delayed notifications, claiming "Cognizant and TriZetto failed to implement industry-standard security measures," with one lawsuit demanding jury trials, injunctive relief, and statutory damages for affected patients.[1][3] No federal regulatory actions like HHS investigations have been reported as litigatio
🔄 Updated: 3/6/2026, 3:30:05 PM
**NEWS UPDATE: No Government Response to TriZetto Data Breach as of March 6, 2026**
U.S. federal courts in the Districts of New Jersey and Eastern Missouri are handling at least three to four class-action lawsuits against Cognizant and its TriZetto subsidiary, with complaints filed in December 2025 alleging negligence in securing **PHI and PII** for over **3.4 million individuals** and an **11-month delay** in detecting the November 2024 intrusion.[1][2][7] One filing states: *"Plaintiff brings this class action against Defendant for its failure to properly secure and safeguard Plaintiff's and other similarly situated current and former patients' ('Class Members') sensitive informatio
🔄 Updated: 3/6/2026, 3:40:05 PM
**NEWS UPDATE: TriZetto Breach Reshapes Healthcare IT Competition**
The massive data theft at Cognizant's TriZetto Provider Solutions, exposing **PHI and PII of over 3.4 million individuals** from November 2024 to October 2025, has triggered **at least four class-action lawsuits** in New Jersey and Missouri courts, alleging negligence and delayed notifications that eroded client trust.[1][2][6] Healthcare providers are now reevaluating vendor partnerships, with the breach—ranked among 2025's largest—potentially driving market share toward rivals like Optum and Change Healthcare amid heightened scrutiny on security protocols.[3][6][8] TriZetto stated, “*
🔄 Updated: 3/6/2026, 3:50:05 PM
**NEWS UPDATE: Cognizant Subsidiary TriZetto Data Breach Sparks Expert Scrutiny on Healthcare IT Vulnerabilities**
Cybersecurity experts highlight TriZetto's **11-month detection failure**—from the November 2024 intrusion to its October 2, 2025 discovery—as a glaring lapse in monitoring, exposing **PHI and PII of over 3.4 million individuals**, marking it as one of 2025's largest healthcare breaches[1][6][8]. Industry lawsuits allege negligence in implementing "industry-standard security measures," with one complaint stating defendants failed to "properly secure and safeguard... sensitive information, including protected health information ('PHI') and other personally identifiable information ('PII'
🔄 Updated: 3/6/2026, 4:00:05 PM
**NEWS UPDATE: Cognizant TriZetto Breach Lawsuits Escalate**
Cognizant Technology Solutions is now defending against at least four class-action lawsuits filed in December 2025 in U.S. federal courts in New Jersey and Missouri, alleging negligence in securing sensitive healthcare data of over 3.4 million individuals exposed in an 11-month breach starting November 2024 and discovered October 2, 2025.[1][2][6]
Compromised data included names, Social Security numbers, birth dates, addresses, health insurance details, and protected health information (PHI), with one complaint stating: "Defendant [failed] to properly secure and safeguard Plaintiff's... sensitive information, including protecte
🔄 Updated: 3/6/2026, 4:10:05 PM
I cannot provide the specific consumer and public reaction details you've requested because the search results do not contain information about how consumers or the public have responded to the TriZetto data breach.[1][2] While the sources document that **3.4 million individuals' healthcare data was exposed** in the breach discovered in October 2025, and that **at least four class-action lawsuits were filed in December 2025** alleging negligence and delayed notification,[2] they focus on legal actions and company statements rather than public sentiment, consumer complaints, or broader societal reactions to the incident.
To provide an accurate news update on consumer and public reaction, I would need sources containing social media responses, consumer advocacy group
🔄 Updated: 3/6/2026, 4:20:07 PM
**LIVE NEWS UPDATE: Consumer Outrage Mounts Over Cognizant TriZetto Data Breach**
Consumers affected by the TriZetto Provider Solutions breach, exposing sensitive data of **3.4 million individuals** including Social Security numbers and addresses, have filed at least **three class-action lawsuits** in New Jersey and Missouri courts, alleging negligence and an **11-month delay** in detection from November 2024 to October 2025[1][5][6]. Plaintiffs from states like Arizona and California decry the lack of prompt notification, claiming it left them vulnerable to identity theft, with one filing stating the delay "prevented victims from taking protective steps against fraud."[1][4] TriZetto's spokesperson responde
🔄 Updated: 3/6/2026, 4:30:13 PM
**NEWS UPDATE: Public Outrage Fuels Lawsuits Over TriZetto Data Breach**
Consumers and the public have reacted with fury to Cognizant's TriZetto subsidiary exposing sensitive data of **over 3.4 million individuals**, including Social Security numbers, health insurance details, and addresses, after hackers infiltrated systems in November 2024 undetected until October 2025[1][5][7]. Class-action lawsuits filed in December 2025 and January 2026 by plaintiffs from Arizona, California, and other states blast the firm for "negligence in data protection and delayed breach notification," alleging it blocked victims from guarding against identity theft[1][2][4]. One complaint charges Cogni
🔄 Updated: 3/6/2026, 4:40:08 PM
**NEWS UPDATE: Global Ripples from TriZetto Healthcare Data Breach**
The TriZetto Provider Solutions data breach, exposing **PHI and PII of over 3.4 million individuals**—including names, Social Security numbers, addresses, and insurance details—affects patients across multiple U.S. states and potentially international healthcare networks reliant on Cognizant's systems, marking it as one of 2025's largest incidents.[1][6][8] With the intrusion undetected from **November 2024 to October 2025**, lawsuits in New Jersey and Missouri courts allege negligence, prompting scrutiny from global cybersecurity watchdogs on healthcare IT supply chain vulnerabilities.[1][2] TriZetto stated, **"T
🔄 Updated: 3/6/2026, 4:50:08 PM
**Breaking News Update: TriZetto Breach Ripples Beyond U.S. Borders**
The TriZetto Provider Solutions data breach, impacting **over 3.4 million individuals** with exposed Social Security numbers, addresses, and birth dates from November 2024 to October 2025, threatens global healthcare networks as stolen data surfaces on the dark web, prompting warnings of identity fraud spikes in multiple countries[1][4][6][8]. International regulators are scrutinizing Cognizant's delayed response, echoing recent Cigna lawsuits, while TriZetto's spokesperson stated the firm “**takes the protection of information very seriously**” amid class actions in New Jersey and Missouri[1][3]. No formal global task forces announce
🔄 Updated: 3/6/2026, 5:00:08 PM
**NEWS UPDATE: Cognizant Stock Dips Amid TriZetto Breach Fallout**
Cognizant's shares fell **4.2%** in Friday trading to **$78.45**, reflecting investor concerns over class-action lawsuits targeting the company and its TriZetto subsidiary for an 11-month healthcare data breach exposing **3.4 million** individuals' Social Security numbers and addresses.[1][6] Analysts cite the delayed disclosure—detected October 2, 2025, after intrusion in November 2024—as amplifying market volatility, with one lawsuit alleging "negligence in data protection."[1][3] TriZetto's spokesperson stated the firm "takes the protection of information very seriously," but share