Cognizant TriZetto Data Breach Lawsuit: 3.4M Affected
Healthcare Data Breach · New MDL

Cognizant / TriZetto Provider Solutions Data Breach Class Action Lawsuit

Published July 14, 2026

If a healthcare provider notified you that your data was exposed through its billing vendor "TriZetto," this is the case. It is a brand-new consolidated litigation — there is no settlement and nothing to claim yet.

A healthcare data-security illustration, representing the Cognizant TriZetto Provider Solutions data breach litigation, MDL 3185
A breach at Cognizant subsidiary TriZetto Provider Solutions exposed health and identity data for about 3.4 million people. The consolidated litigation is MDL No. 3185 in the Eastern District of Missouri.
Allegations Only · No Settlement Yet

This article describes newly consolidated class action complaints. The statements below are unproven allegations. Cognizant and TriZetto Provider Solutions have not been found liable, there is no certified class, and there is nothing to claim at this time. This page is informational and is not legal advice.

What Is This About?

Cognizant Technology Solutions and its subsidiary TriZetto Provider Solutions, LLC (TPS) face a new round of consolidated federal litigation over a healthcare data breach. The cases are gathered as In re: Cognizant Technology Solutions Corporation and TriZetto Provider Solutions, LLC, Data Security Breach Litigation, MDL No. 3185, in the U.S. District Court for the Eastern District of Missouri. The Judicial Panel on Multidistrict Litigation centralized the actions in a transfer order dated June 5, 2026.

TPS provides revenue-cycle-management and medical-billing technology — claims, eligibility checks, and related services — to hospitals, health systems, and physician practices. Most affected people never had a direct relationship with TriZetto or Cognizant; the exposure flowed through their provider's use of the vendor. Plaintiffs allege the companies failed to secure the data and were slow to notify those affected. The defendants have not been found liable, and the allegations remain unproven.

Status New MDL — Pleading Stage MDL 3185 · E.D. Mo. · centralized June 5, 2026 · ~28 actions consolidated
People Affected 3,433,965 · SSNs + health data Access began Nov. 2024 · detected Oct. 2, 2025 · reported to HHS Feb. 6, 2026 · no payment/bank data involved
Can I Claim? No — nothing to claim yet No settlement or fund · only free Kroll monitoring offered in the breach notice

What Happened

According to TPS's disclosures, an unauthorized actor intermittently accessed records tied to eligibility-verification transactions beginning in November 2024. TPS has said it detected suspicious activity on a provider-facing web portal on October 2, 2025, engaged the forensic firm Mandiant to investigate, and stated that the threat actor was removed and no further access was detected. TPS reported the incident to the U.S. Department of Health and Human Services on February 6, 2026, listing 3,433,965 individuals affected — one of the larger confirmed healthcare breaches of the year.

The exposed information varied by individual. TPS has said it could include names, addresses, dates of birth, Social Security numbers, health-insurance member numbers, and for some people a Medicare Beneficiary Identifier, along with provider and insurer names and other demographic or insurance details. TPS has stated that no payment-card, bank-account, or other financial information was involved, and that it was not aware of identity theft or fraud tied to the incident as of its notice. TPS began notifying affected provider customers on December 9, 2025, and individuals are being notified by mail, with credit monitoring provided through Kroll.

What the Lawsuits Allege

The complaints allege that Cognizant and TPS failed to implement adequate, industry-standard data-security measures to protect the sensitive information they processed for healthcare providers, and that they delayed or inadequately notified the people whose data was exposed. Plaintiffs bring negligence, negligence per se, breach-of-contract, invasion-of-privacy, breach-of-fiduciary-duty, unjust-enrichment, and state consumer-protection claims, and seek to represent the affected individuals.

These are allegations only. The defendants have not been found liable, no class has been certified, and they dispute the claims. Because the MDL was only just centralized, the next steps are procedural — appointment of lead counsel, a consolidated complaint, and motion practice — not a payout.

Is There a TriZetto Settlement Yet?

No. This is brand-new litigation, not a settlement.

There is no settlement fund, no claim form, no payout, and no deadline to act. MDL 3185 was centralized in June 2026 and is at the pleading stage. The one thing affected individuals can act on now is the free identity-monitoring enrollment offered in the breach notice through Kroll — that is remediation the company is providing, not a class-action settlement or payout. If the cases are later resolved through a settlement, or a class is certified, a formal claims process with its own eligibility rules and deadlines would be announced separately.

Who Is Affected and What You Can Do

The affected population is patients of healthcare providers that used TriZetto Provider Solutions for billing, claims, or eligibility services, whose data was in the accessed records. In practice, that means people who received a breach-notification letter from TPS or from their provider. Named provider organizations that posted their own notices include MercyOne, San Francisco Community Health Center, and Gardner Health Services, among many others.

• If your notice offers free credit or identity monitoring through Kroll, consider enrolling — it is free and does not affect any future claim.
• Consider a free credit freeze and fraud alerts, and monitor your financial and insurance statements.
• Because Social Security numbers and health data were involved for some people, watch for both financial and medical-identity theft.
• There is nothing to file right now; keep any breach notice you received in case a claims process later opens.

For breach settlements that are open and claimable now, see OCA's data breach settlements tracker.

Frequently Asked Questions

Is there a Cognizant / TriZetto settlement yet?

No. MDL 3185 was centralized in the Eastern District of Missouri in mid-2026 and is at the pleading stage. There is no fund, no claim form, and no deadline. The only thing available now is the free monitoring in the breach notice.

How many people were affected?

TPS reported 3,433,965 individuals to HHS in February 2026. The data could include Social Security numbers and health-insurance information; TPS said no payment-card or bank data was involved.

Do I need to file a claim?

No. Because this is a lawsuit and not a settlement, there is nothing to claim and no deadline. Enroll in any free monitoring offered and keep your breach notice. If a class is certified or a settlement is reached, a claims process and deadlines would be announced separately.

Sources

• Judicial Panel on Multidistrict Litigation — transfer order creating MDL No. 3185 (June 5, 2026): JPML Transfer Order
• U.S. Department of Health & Human Services — Office for Civil Rights breach portal (search "TriZetto"): HHS OCR Breach Portal
• TriZetto Provider Solutions — official breach notice and Kroll monitoring enrollment: TPS Incident Notice
• HIPAA Journal — reporting on the TriZetto Provider Solutions breach: HIPAA Journal Coverage


For more class actions keep scrolling below.
Status New MDL — Pleading Stage (no settlement)
Case In re Cognizant Technology Solutions Corp. & TriZetto Provider Solutions, LLC, Data Security Breach Litigation
MDL Number MDL No. 3185
Court U.S. District Court, Eastern District of Missouri
Centralized June 5, 2026 · ~28 actions consolidated
Court Order JPML Transfer Order

Related Data Breach Cases & Settlements