Cognizant TriZetto

Cognizant's TriZetto healthcare solutions division experienced a data breach affecting their claims processing infrastructure. TriZetto processes healthcare claims for numerous health plans across the United States—handling the data that moves between providers, insurers, and patients. The breach exposed protected health information flowing through their systems.

Healthcare claims data is uniquely comprehensive. It includes diagnosis codes (ICD-10), procedure codes (CPT), provider information, member identifiers, and the financial details of every medical encounter. A single claim can reveal what condition you were treated for, which doctor you saw, and what your insurance paid.

Claims processors sit at the intersection of the entire healthcare system. They see data from multiple health plans, multiple providers, and millions of patients.

Patients whose claims were processed through TriZetto's systems. They didn't choose TriZetto—their health plan did. Now their medical encounters, diagnoses, and treatment information may be in attacker hands.

Claims data enables medical identity theft, insurance fraud, and targeted scams. Attackers can use diagnosis information for blackmail or sell it to those who would discriminate based on health status.

Cognizant is a Fortune 500 technology company. TriZetto is one of the largest healthcare IT companies in the industry. They have HIPAA compliance programs, security certifications, and enterprise clients who trust them with the most sensitive healthcare data. They process billions of dollars in claims annually.

Health plans chose TriZetto specifically because they're supposed to be able to handle PHI securely at scale.

Claims processors handle enormous data volumes—millions of transactions daily. Each transaction contains PHI. TriZetto didn't know how their data was exposed, where the boundaries were, or how much could be accessed from a single point of compromise.

When you process claims for multiple health plans, a single breach affects patients across all of them. That aggregation is the business model—and the risk.

Cognizant had to work with multiple health plan clients to determine scope. Each health plan then had to notify their own members. The chain of notifications extends from processor to payer to patient—each link adding delay and complexity.

For a claims processor, breach response means explaining to enterprise clients why their members' data was exposed. Those conversations don't go well.