Cognizant faces U.S. lawsuits over TriZetto healthcare data breach
MUMBAI, INDIA and NEW YORK, UNITED STATES — United States software services firm Cognizant Technology Solutions is facing multiple class action lawsuits after a significant data breach at its healthcare claims processing subsidiary, TriZetto Provider Solutions (TPS).
According to a report from The Economic Times, the lawsuits allege that TPS failed to properly safeguard sensitive patient information and delayed notifying affected individuals, putting the company under intense legal scrutiny.
Four lawsuits allege delayed breach notification
At least four lawsuits were filed in December 2025 in the U.S. district courts for New Jersey and the Eastern District of Missouri.
The complaints center on allegations that TriZetto “failed to properly secure and safeguard Plaintiff’s and other similarly situated current and former patients’ sensitive information, including protected health information (‘PHI’) and other personally identifiable information (‘PII’),” according to one of the complaints filed on December 17, 2025.
Details of the breach reportedly include patient names, addresses, dates of birth, social security numbers, health insurance member numbers, and other demographic and health insurance information.
The plaintiffs claim that more than 100 people across several U.S. states were affected, with damages sought exceeding US$5 million, excluding interest and costs.
11-month breach went undetected
An unauthorized third party allegedly gained access to TriZetto’s network in November 2024, but the company reportedly did not discover the breach until October 2, 2025, almost a year later.
Following the discovery, TriZetto engaged an external vendor to investigate the incident, which confirmed that sensitive patient and insured persons’ data had been compromised, as per one complaint filed on December 23, 2025.
“TPS takes the protection of information very seriously and regrets any inconvenience this incident may have caused. Because this matter involves ongoing litigation, we are unable to provide further comment at this time,” a Cognizant spokesperson told The Economic Times.
Healthcare outsourcing cybersecurity risks
The lawsuits against Cognizant underscore the growing cybersecurity and compliance risks faced by outsourcing firms handling sensitive healthcare data. The incident highlights the importance of robust data security protocols and prompt breach notification in maintaining client trust and avoiding costly litigation.
In an industry where third-party vendors play a critical role in healthcare operations, lapses like these can ripple across the outsourcing ecosystem, drawing regulatory attention and increasing operational scrutiny.
For companies like Cognizant, safeguarding patient information is no longer just a technical obligation; it is a strategic imperative with direct legal and reputational consequences.
