An intrusion into TriZetto Provider Solutions systems exposed protected health information across multiple US healthcare providers, and a Thursday advisory from Deschutes County Health Services said the breach may have exposed PHI for more than 700,000 people. The incident began in November 2024 and the threat was eliminated on Oct. 2, 2025.
KEY FACTS
- Incident November 2024 intrusion into TriZetto Provider Solutions systems
- Records exposed Protected health information for more than 700,000 people
- Containment Threat eliminated on Oct. 2, 2025 after nearly a year
- Oregon notifications Local providers will notify roughly 1,300, 1,200, and 1,650 patients respectively
TriZetto Provider Solutions, which provides insurance verification services to healthcare clinics, was compromised in late 2024. Intruders accessed protected health information and other sensitive personal data before the activity was removed in October 2025.
Local providers began notifying affected patients in December 2025 and additional notifications are under way. There is no evidence at this time that the information has been misused for medical fraud or identity theft and no financial data were stolen.
Cognizant, which owns TriZetto, has been hit with multiple class action lawsuits related to the compromise. The notice did not include detailed technical information about how intruders gained access. Notification and mitigation efforts are ongoing.
WHY IT MATTERS
Delayed discovery and the large number of exposed records increase the potential privacy harm for patients and have prompted notifications and legal action. Providers and patients will need to monitor for possible misuse of personal information.