Cyberattack on TriZetto Exposes Medical Information of 3.4 Million Patients
A cybersecurity incident involving TriZetto, a healthcare technology provider, has led to the theft of medical data belonging to over 3.4 million individuals.
TriZetto assists healthcare professionals throughout the U.S. with tasks like verifying insurance eligibility and processing coverage checks prior to patient treatments. It’s owned by Kurt “CyberGuy” Knutsson, who is also the head of the technology firm, Cognizant.
Supporting more than 875,000 healthcare providers means that the data held by TriZetto is quite valuable and, unfortunately, a prime target for cybercriminals.
“The hackers managed to access insurance eligibility transaction reports stored on TriZetto’s servers,” Knutsson noted. The compromised data may include a range of personal details such as names, birth dates, addresses, Social Security numbers, insurance information, and details about healthcare providers related to the affected patients.
According to March Infosecurity Magazine, Cognizant isn’t a stranger to security issues, referencing a ransomware attack by the Maze group in April 2020, which cost the company between $50 and $70 million.
Moreover, last year, Cognizant faced a lawsuit from Clorox, a cleaning product manufacturer, stemming from a cyberattack in 2023. The lawsuit claims that Cognizant’s staff reset employee passwords without adhering to standard security protocols, allowing attackers to infiltrate Clorox’s network, leading to an alleged breach that cost the company $49 million.
Knutsson mentioned that the hackers might have been lurking within the TriZetto system since November 2024. The longer they remain undetected, the more data they can potentially access.
“Cognizant’s spokesperson, William Abelson, stated that the company identified the breach and eliminated the threat from their systems.” However, it remains unclear why it took so long for the intrusion to be detected, with medical data typically commanding a high price on the cybercrime market.
In June, security researchers revealed what could be the largest data breach to date, involving 16 billion login credentials, as reported by Breitbart News.
Additionally, the same outlet highlighted that “nearly 1 billion sensitive records were exposed across 26 countries in a vast data breach,” although the affected companies maintained that there was no evidence customer data had been compromised.
“Researchers indicated that an unsecured database tied to IDMerit, a business identity verification firm, was responsible for exposing almost one billion sensitive records globally. In the U.S. alone, over 203 million records were found to be inadequately protected, with Mexico, the Philippines, Germany, Italy, and France also experiencing significant impacts from the breach,” the report stated.
