TriZetto Confirms 2024 Cyberattack Exposing 3.4 Million Patients’ Data Health technology firm TriZetto, a subsidiary of Cognizant, disclosed a 2024 cyberattack that compromised the personal and health information of over 3.4 million individuals. The breach, detected on October 2, 2025, remained undetected for nearly a year, with hackers gaining access as early as November 2024. TriZetto, which processes insurance eligibility transactions for 200 million patients across 875,000 U.S. healthcare providers, confirmed in a filing with Maine’s attorney general that stolen data included names, dates of birth, addresses, Social Security numbers, provider details, and insurance information. The company stated that not all customers were affected. Affected organizations include OCHIN, a nonprofit serving 300 rural and community care providers, as well as multiple California-based healthcare entities. Cognizant confirmed the threat was neutralized but did not explain the delayed detection. This incident follows the 2024 ransomware attack on Change Healthcare, which disrupted U.S. medical services and exposed 192 million patient records. TriZetto’s breach underscores ongoing vulnerabilities in the healthcare sector’s cybersecurity defenses.

Ransomware Dominates Breaches, Shifting Cybersecurity Focus to Identity Resilience Ransomware remains a dominant threat, accounting for 44% of all breaches in 2025, according to Verizon’s Data Breach Investigations Report. The impact is even more severe for small and midsize businesses (SMBs), where ransomware plays a role in nearly 90% of breaches, compared to 39% for large organizations. Attackers increasingly target privileged accounts and identity infrastructure, such as Active Directory, to escalate access and lock out legitimate users within minutes. Even after data restoration, a compromised identity layer can prolong recovery, leaving organizations unable to regain control of their systems. As a result, identity recovery has become a cornerstone of cyber resilience. Identity systems are deeply embedded in authentication and access workflows, making their recovery critical to preventing reinfection. Security leaders now prioritize secure restoration to ensure attackers cannot re-enter compromised environments. The issue has escalated to board-level concern, with regulators and cyber insurers demanding tested recovery plans, immutable backups, and defined recovery time objectives (RTOs). Frameworks like GDPR and CCPA impose penalties for prolonged downtime, pushing organizations to adopt recovery engineering a structured, automated approach that aligns technical recovery with business priorities. Key capabilities for resilience include: - Identity resilience: Immutable backups and automated recovery for identity systems. - Zero-trust architecture: Least-privilege access and continuous authentication to limit attack spread. - Automated orchestration: Reducing manual steps to accelerate response times. - Regulatory readiness: Integrating compliance validation into resilience planning. - AI-ready protection: Securing data environments against autonomous threats with fast rollback capabilities. - Backup platform isolation: Treating backups as a separate security domain for minimal viable recovery. Companies like Cognizant and Rubrik are addressing these challenges with integrated solutions. Rubrik offers immutable storage, ransomware recovery, and Active Directory restoration, while Cognizant provides orchestration and domain expertise to align recovery with business continuity and compliance needs. Together, they aim to strengthen cyber resilience through a unified, service-based model.

TriZetto Provider Solutions Breach Exposes Data of Over 3.4 Million Individuals In a major cybersecurity incident, TriZetto Provider Solutions, a health insurance technology subsidiary of Cognizant, reported that the sensitive data of 3.4 million individuals was stolen in a 2024 breach. The attack, attributed to the ShinyHunters hacking group, compromised employee data and disrupted IT systems, including billing and customer delivery operations. While Wynn Resorts another victim of ShinyHunters acknowledged a breach and offered credit monitoring services to affected employees, the group later claimed to have deleted the stolen data, a move experts suggest may indicate a ransom payment. However, cybersecurity analysts, including Dray Agha of Huntress, caution that threat actors often retain or sell stolen data despite such assurances, as there is no reliable way to verify deletion claims. The breach highlights the growing risk of extortion-based cyberattacks, where hackers demand payment in exchange for purported data removal though victims remain vulnerable to future misuse. The incident underscores the challenges organizations face in confirming the true scope of data compromise and the effectiveness of attacker promises.

IT services provider Cognizant was hit by the Maze ransomware group in April 2020. The ransomware incident only impacted the internal network including supporting employees' work from home setups. The attack impacted its revenue by the range of $50 million to $70 million for the quarter,