Major Data Breaches Impacting US Healthcare Providers

healthcare-sector-threat, breach-disclosure-notification, ransomware-group-operation, operational-disruption, mass-credential-exposure
Updated March 21, 2026 at 02:58 PM | 2 sources

Cognizant Technology Solutions, through its subsidiary TriZetto Provider Solutions, experienced a significant data breach that went undetected for nearly a year, exposing sensitive personal information such as Social Security numbers, financial account details, and home addresses. The breach, which affected at least 100 individuals across several states, led to multiple class-action lawsuits alleging delayed disclosure, insufficient notification to victims, and a lack of transparency regarding the incident's root cause and remediation. Plaintiffs argue that the delay in notification left affected individuals vulnerable to identity theft and financial fraud, while Cognizant and TriZetto have offered limited public comment due to ongoing litigation.

Separately, Covenant Health, a major healthcare provider operating in several northeastern US states, suffered a ransomware attack by the Qilin group in May 2025. The attack compromised the data of over 478,000 individuals, leading to system shutdowns across hospitals and clinics and prompting the organization to hire cybersecurity experts for containment and investigation. Covenant Health initially reported a smaller number of affected individuals but later updated the total to nearly half a million, subsequently notifying patients and offering credit monitoring and identity protection services. Both incidents underscore the persistent cybersecurity risks facing the healthcare sector and the significant impact of breaches on patient privacy and organizational trust.

Timeline

  1. Jan 2, 2026

    Class-action lawsuits filed against Cognizant over TriZetto breach

    By January 2026, Cognizant was facing multiple U.S. class-action lawsuits over the TriZetto data breach. Plaintiffs alleged inadequate security, delayed notification, and lack of transparency that increased the risk of identity theft and fraud.

  2. Dec 1, 2025

    Covenant Health notifies affected individuals and offers protection services

    Following its investigation and regulatory reporting, Covenant Health notified affected individuals, offered credit monitoring and identity protection, and set up a dedicated call center. The notifications were issued in compliance with HIPAA and state requirements.

  3. Dec 1, 2025

    Covenant Health revises breach impact to 478,188 people

    After further investigation, Covenant Health updated the number of affected individuals in December 2025 from about 7,800 to 478,188. The compromised data included personal, health, insurance, and treatment information.

  4. Oct 2, 2025

    TriZetto discovers the data breach

    TriZetto Provider Solutions discovered the breach on October 2, 2025, nearly a year after attackers first accessed its systems. The incident involved sensitive data including Social Security numbers, financial account details, and home addresses.

  5. Jun 1, 2025

    Qilin claims Covenant Health attack and data theft

    In June 2025, the Qilin ransomware group publicly claimed responsibility for the Covenant Health incident and said it had stolen 850 GB of sensitive data. This added public attribution and indicated the scale of the data theft.

  6. May 1, 2025

    Qilin ransomware attacks Covenant Health

    In May 2025, Covenant Health suffered a ransomware attack attributed to the Qilin group, causing system shutdowns across multiple hospitals and clinics in several states. Operations were affected, though the organization said services continued with minimal disruption.

  7. Nov 1, 2024

    Hackers begin unauthorized access to TriZetto Provider Solutions systems

    Attackers gained unauthorized access to systems at TriZetto Provider Solutions, a Cognizant healthcare subsidiary, as early as November 2024. The intrusion reportedly left sensitive personal data exposed for an extended period before discovery.

Related Stories

Large US Healthcare Data Breaches Impacting Millions of Patients

Multiple healthcare-sector data breaches were disclosed with significant exposure of **protected health information (PHI)**. TriZetto Provider Solutions (TPS), an insurance verification provider, reported a compromise that began in **November 2024** and was not detected until nearly a year later; the threat was reportedly eradicated on **Oct. 2, 2025**. Notifications to affected healthcare provider customers across several states continued into late 2025 and early 2026, with one Oregon advisory estimating exposure affecting **more than 700,000 people**; impacted providers stated there was no current evidence of misuse and that **financial details were not stolen**. Separately, Healthcare Interactive (*HCIactive*), an AI-powered insurance enrollment and benefits administration vendor, confirmed that an intrusion and data exfiltration tied to activity in mid-2025 ultimately affected **3,056,950 individuals**, after earlier placeholder reporting while scope was still being determined; reported unauthorized access windows vary from **July 8–12, 2025** to a broader **June 17–July 22, 2025**. Another incident involved AI care-coordination platform *Lena Health*, where a threat actor claimed exposure of patient data (including references to a **Twilio call recording database**) and alleged that **2,134 patients’ PHI** was stored in an unencrypted export in a public-facing **AWS S3 bucket**, with follow-on reporting indicating exploitation after a publicly disclosed vulnerability and an available patch that was not applied in time.

1 month ago

Third-Party Healthcare and Benefits Service Provider Breaches Expand to Millions of Victims

Health insurance technology provider **TriZetto Provider Solutions** (a Cognizant subsidiary) updated breach notifications indicating the impact of its **November 2024** intrusion has grown to **more than 3.4 million** affected individuals. Disclosures to state regulators and downstream notifications from county governments and healthcare providers indicate theft of sensitive personal data including **addresses, Social Security numbers, and health insurance identifiers**, with some jurisdictions reporting hundreds of thousands of impacted residents. Separately, the **Conduent** incident has expanded dramatically in public filings, with reported totals rising from roughly **10.5 million** to **more than 25 million** affected individuals across the US, including a major increase in **Texas** (reported at **15.4 million**) while **Oregon** remains around **10.5 million**. Reporting indicates attackers maintained access for roughly **three months** and exfiltrated about **8 TB** of data, underscoring the systemic risk posed by large, behind-the-scenes vendors that support **Medicaid/SNAP and other state benefit programs**, healthcare-related processing, and major employer services—creating a wide “blast radius” even for individuals unfamiliar with the vendor name.

1 month ago

Multiple Healthcare Data Breaches Expose Patient Information

Several healthcare organizations in the United States have reported significant data breaches resulting in the exposure of protected health information (PHI) for tens of thousands of patients. TriZetto Provider Solutions, a revenue management service provider, discovered unauthorized access to its web portal dating back to November 2024, with attackers accessing historical eligibility transaction reports containing sensitive patient data such as names, addresses, Social Security numbers, and health insurance details. The breach was detected in October 2025, after which immediate remediation steps were taken, including engaging Mandiant for investigation and securing the affected systems. Other incidents include breaches at Morton Drug Company in Wisconsin, Physicians to Children & Adolescents in Kentucky, the Center for Urologic Care of Berks County in Pennsylvania, North Atlantic States Carpenters Health Benefits Fund in Massachusetts, and Millcreek Pediatrics in Delaware. These breaches involved unauthorized network access and resulted in the exposure of PHI, including names, birth dates, medical record numbers, prescription information, and, in some cases, Social Security numbers. Affected organizations have notified impacted individuals and are offering credit monitoring services where appropriate, while also implementing enhanced security measures to prevent future incidents.

1 month ago
