Medical information belonging to over 3.4 million patients was stolen in cyberattack targeting the healthcare technology company known as TriZetto.

TriZetto, which assists healthcare providers across the United States in verifying insurance eligibility and processing coverage checks before patients receive treatment, is owned by the technology firm Cognizant, Kurt the “CyberGuy” Knutsson wrote for Fox News on Friday.

The company supports healthcare operations via more than 875,000 providers; therefore, it is at a greater risk of being targeted by cybercriminals who are looking to steal data because it is considered valuable.

“TriZetto said hackers accessed insurance eligibility transaction reports stored on its servers,” Knutsson explained, noting that stolen data may include names, birth dates, home addresses, social security numbers, insurance information, healthcare provider names, and demographic information linked to patients’ medical records.

In March, Infosecurity Magazine reported that Cognizant “is no stranger to security incidents,” adding, “A ransomware attack by the Maze group back in April 2020 resulted in expected costs of $50-70m.”

“Last year, the firm was sued by one of its clients, cleaning products provider Clorox, after a 2023 cyber attack. The lawsuit alleges that a Cognizant helpdesk staffer reset an employee password without following the firm’s security protocols, enabling a threat actor to access its network in a breach said to have cost Clorox $49m,” the report stated.

Knutsson said the hackers who targeted TriZetto may have been lurking in the system since November 2024, meaning the longer they hid, the more data they could access.

“Cognizant spokesperson William Abelson said the company removed the threat from its systems after identifying the breach. However, the company has not explained why the intrusion went undetected for so long,” Knutsson stated, also noting that medical data can fetch a high price when it comes to cybercrime.

In June, security researchers discovered what may have been the biggest data breach in history linked to 16 billion login credentials, Breitbart News reported at the time.

More recently, the outlet said, “Roughly one billion sensitive records across 26 countries have been exposed as part of a massive data leak, although the company impacted maintains it has no indication that customer data has been compromised.”

“Researchers say that an unprotected database tied to IDMerit, a company that helps businesses confirm identities, exposed about one billion sensitive records across 26 countries. In America, more than 203 million records were left unsecured. Mexico, the Philippines, Germany, Italy, and France were also heavily impacted by the data leak,” the report stated.