Summary: The class-action lawsuit against Cognizant subsidiary TriZetto has expanded as new plaintiffs join the litigation following a year-long undetected breach. The lawsuit seeks over $5 million in damages, alleging that the provider failed to follow industry-standard security practices, leading to the exposure of Social Security numbers and health identifiers.
Business Impact: Significant financial and legal liability. This case serves as a warning for “Third-Party Risk” in the healthcare sector. Managed Service Providers (MSPs) and SaaS platforms are being held to a higher standard of “detect and respond” capability, with “undetected for a year” now becoming a primary trigger for negligence claims.
Why It Happened: An unauthorized party accessed the TriZetto web portal in late 2024. The breach remained undetected for nearly 12 months due to gaps in anomaly detection and access logging within the provider’s web-facing infrastructure.
Recommended Executive Action: For healthcare and insurance clients, conduct a “Dwell-Time Audit.” Verify how long it would take to detect unauthorized access to your primary web portals. Ensure that your insurance policy covers “regulatory and class-action” expenses specifically related to subsidiary or vendor breaches.
Hashtags: #TriZetto #DataBreach #HealthcareSecurity #ClassAction #ThirdPartyRisk #Compliance
