Millions of patients have had personal and health insurance information compromised after a breach at IT firm TriZetto Provider Solutions (TPS).

A breach notification disclosure posted by the Office of the Maine Attorney General revealed that over 3.4 million individuals were affected by the incident.

Owned by US IT services firm Cognizant Technology Solutions, TPS provides claims management, billing services and other software for the healthcare sector – including hospitals, physician practices and insurers.

The firm said in the notification that it discovered suspicious activity in a web portal used by some of its healthcare provider customers, on October 2 2025.

Read more on healthcare breaches: Over 5.4 Million Affected in Healthcare Data Breach at Episource.

TPS confirmed that no payment card, bank account or financial details were taken in the raid. However, it said the following may have been compromised:

Names, addresses, dates of birth, Social Security numbers, health insurance member numbers (including Medicare identifiers), provider names, health insurer names, primary insured information, and other demographic, health, and health insurance information.

Taking Next Steps

TPS said that investigations by law enforcement and security partners were undertaken and that it has implemented additional security protocols.

It’s unclear what these were, although the firm’s website claims that its platform is certified to SOC 2, EHNAC and HITRUST.

TPS said it is providing credent monitoring services to those affected.

Parent company Cognizant is no stranger to security incidents. A ransomware attack by the Maze group back in April 2020 resulted in expected costs of $50-70m.

Last year, the firm was sued by one of its clients, cleaning products provider Clorox, after a 2023 cyber attack.

The lawsuit alleges that a Cognizant helpdesk staffer reset an employee password without following the firm’s security protocols, enabling a threat actor to access its network in a breach said to have cost Clorox $49m.