TRHS Data Breach Exposes Patient Information via Third-Party Vendor Terry Reilly Health Services (TRHS) has begun notifying patients of a data security incident that may have compromised personal and health-related information. The breach, discovered through TriZetto Provider Solutions (TPS) a third-party vendor for OCHIN, TRHS’s electronic medical record provider prompted immediate action from cybersecurity experts and law enforcement. TPS contained and neutralized the threat while implementing enhanced security measures to prevent future incidents. Exposed data may include names, addresses, dates of birth, Social Security numbers, health coverage member numbers, insurer details, provider names, and other demographic and health information. Financial data, such as payment cards and bank accounts, was not affected. Affected individuals will receive notification letters by mail within the next week, along with instructions for enrolling in complimentary identity and credit monitoring services provided by Kroll. Patients will need a unique code from the letter to access the service. TRHS has not disclosed the number of impacted individuals or the exact timeline of the breach.

Baltimore City Health Department Investigates Third-Party Data Breach The Baltimore City Health Department (BCHD) is investigating a data breach involving its third-party electronic medical records system, which handles insurance and eligibility processing. The breach, linked to vendor OCHIN Inc., exposed files containing patients’ insurance eligibility verification data. BCHD confirmed that its internal systems remain unaffected and that the incident was isolated to the third-party platform. OCHIN Inc. is collaborating with a fraud assistance provider to address the breach and will offer free credit monitoring services to impacted individuals. Notifications to affected patients are expected to begin around February 9, 2026. A dedicated helpline (410-545-6674) has been established for inquiries. In a statement, Baltimore City Health Commissioner Dr. Michelle Taylor expressed regret over the breach, emphasizing the department’s commitment to patient privacy and vendor security compliance. BCHD is working with TriZetto and other experts to mitigate the breach’s impact and provide support to those affected.

Health Gorilla Data Breach Exposes Sensitive Patient Information Health Gorilla, a Silicon Valley-based healthcare interoperability platform founded in 2014, is under investigation following a data breach that may have exposed sensitive patient information. The incident, disclosed on January 13, 2026, involved an unauthorized disclosure of health data through its health information exchange (HIE) network. The breach potentially compromised a wide range of personally identifiable information (PII) and medical records, including: - Names, dates of birth, and addresses - Driver’s license and insurance card details - Financial information - Clinical data (diagnoses, conditions, lab results, medications, and care plans) Health Gorilla reported that the data may have been accessed for treatment purposes, but investigators have not confirmed whether the requests or authorizations were legitimate. In response, the affected health organizations Mosaic, OCHIN, Reid Health, Trinity Health, and UMass Memorial Health were temporarily suspended from the HIE while the investigation continues. Class action law firm Shamis & Gentile P.A. is examining potential legal claims for affected individuals, who may be eligible for compensation. The full scope and impact of the breach remain under review.

CommuniCare+OLE Reports Data Breach Affecting Sensitive Patient Information CommuniCare+OLE, a healthcare provider, disclosed a data breach involving unauthorized access to sensitive personal and health information. On December 15, 2025, OCHIN CommuniCare+OLE’s electronic medical record system provider alerted the organization that an unauthorized individual had compromised a system managed by TriZetto, a third-party vendor. The breach prompted an investigation to assess the scope and impact. While details of the security incident remain undisclosed, affected data may include names, Social Security numbers, dates of birth, contact information, and health or insurance-related records. The exact information exposed varies by individual. CommuniCare+OLE has since begun notifying impacted individuals via mail, providing specifics on the compromised data. The breach notice filed with the California Attorney General’s office outlines the types of information potentially exposed. Further details can be found in the official notification documents.

Petaluma Health Center Data Breach Exposes Sensitive Patient Information Petaluma Health Center recently disclosed a data breach affecting sensitive personal and health-related information of its patients. On December 15, 2025, the center was alerted by its electronic medical record system, OCHIN, that an unauthorized individual had accessed a system belonging to TriZetto, a third-party vendor working with OCHIN. TriZetto’s investigation confirmed that patient data linked to Petaluma Health Center may have been exposed during the breach. The compromised information varies by individual but includes names, Social Security numbers, dates of birth, contact details, and health or insurance-related data. In response, Petaluma Health Center began notifying affected individuals via mail, detailing the specific types of information impacted. The center and TriZetto are also offering complimentary credit monitoring services to those affected. The breach notice was filed with the California Attorney General’s office.

Adapt Integrated Health Care Reports Third-Party Data Security Incident Adapt Integrated Health Care disclosed a data security incident involving TriZetto, a third-party vendor for its electronic medical record system provider, OCHIN. The breach was discovered on December 10, 2025, when OCHIN notified Adapt that an unauthorized individual had accessed one of TriZetto’s systems. TriZetto acted to halt the unauthorized activity and secure its systems. While Adapt’s internal systems were not directly breached, the incident may have exposed sensitive patient information. Not all patients were affected, and there is currently no evidence that the data has been misused. Potentially exposed data includes: - Names - Social Security numbers - Dates of birth - Contact information - Health-related and insurance details Adapt is collaborating with OCHIN to strengthen security measures and review its own processes to prevent future incidents. TriZetto plans to begin sending individual notification letters to affected patients in February 2026, with support from its vendor, Kroll, which will provide identity theft protection services, call center assistance, and credit monitoring enrollment instructions. For further details, patients may contact TriZetto’s dedicated call center at (844) 572-2724 or reach out to Heather Donohue, COO of TriZetto Provider Solutions, at (314) 802-6789.

SFCHC Reports Data Breach Affecting Patient Information via Third-Party Vendor San Francisco Community Health Center (SFCHC) disclosed a data breach involving sensitive patient information, stemming from a security incident at one of its business associates. On December 12, 2025, SFCHC was alerted by OCHIN a vendor managing its electronic health record system that TriZetto Provider Solutions (TriZetto), a subcontractor handling healthcare eligibility and claims, had experienced unauthorized access to its systems. TriZetto’s investigation confirmed that an unauthorized third party may have accessed patient data linked to SFCHC between November 2024 and October 2, 2025. The exposed information varies by individual but includes names, Social Security numbers, addresses, dates of birth, and health insurance details such as member numbers, insurer names, and provider information. SFCHC has since reviewed the impacted data to identify affected individuals and began mailing breach notification letters. In compliance with California regulations, the notices outline the specific types of compromised information and offer complimentary credit monitoring services to those affected. The breach report filed with the California Attorney General’s office provides further details.

TriZetto Confirms 2024 Cyberattack Exposing 3.4 Million Patients’ Data Health technology firm TriZetto, a subsidiary of Cognizant, disclosed a 2024 cyberattack that compromised the personal and health information of over 3.4 million individuals. The breach, detected on October 2, 2025, remained undetected for nearly a year, with hackers gaining access as early as November 2024. TriZetto, which processes insurance eligibility transactions for 200 million patients across 875,000 U.S. healthcare providers, confirmed in a filing with Maine’s attorney general that stolen data included names, dates of birth, addresses, Social Security numbers, provider details, and insurance information. The company stated that not all customers were affected. Affected organizations include OCHIN, a nonprofit serving 300 rural and community care providers, as well as multiple California-based healthcare entities. Cognizant confirmed the threat was neutralized but did not explain the delayed detection. This incident follows the 2024 ransomware attack on Change Healthcare, which disrupted U.S. medical services and exposed 192 million patient records. TriZetto’s breach underscores ongoing vulnerabilities in the healthcare sector’s cybersecurity defenses.

TriZetto Confirms 2024 Cyberattack Exposing 3.4 Million Patients’ Data TriZetto, a major U.S. health technology provider under Cognizant, disclosed a 2024 cyberattack that compromised the personal and medical data of over 3.4 million individuals. The breach, detected on October 2, 2025, went unnoticed for nearly a year, with unauthorized access dating back to November 2024. The stolen data included sensitive information such as names, dates of birth, home addresses, Social Security numbers, health status details, provider names, and insurance records. TriZetto, which processes insurance eligibility for roughly 200 million patients through 875,000 healthcare providers, confirmed that patient eligibility reports were extracted from its servers. Multiple organizations, including OCHIN a nonprofit serving 300 U.S. providers and several California-based medical providers, verified that their patients’ data was exposed. However, TriZetto stated that not all clients were affected. The incident follows a 2024 ransomware attack on Change Healthcare, which resulted in the theft of 192 million patient files and caused widespread disruptions in medical services nationwide. TriZetto has not provided details on why the breach remained undetected for nearly a year, and Cognizant has not responded to requests for comment.