Your health information is among the most personal things you own. If you received a notice about the TriZetto Provider Solutions (TPS) data breach, or if you were a patient at an affected Tennessee healthcare facility like Erlanger Health System, you may be wondering what happened and what legal options are available to you.
This guide provides an overview of the data breach, the timeline of events, and the implications for Tennessee residents.
Overview of the TriZetto Provider Solutions (TPS) Data Breach
TriZetto Provider Solutions (TPS) is a subsidiary of Cognizant Technology Solutions, a multinational IT conglomerate. TPS provides critical billing and insurance eligibility services to approximately 875,000 healthcare provider locations across the United States.
In a security incident that began in late 2024, an unauthorized user gained access to a TPS web portal used by healthcare providers to verify insurance eligibility.
According to reports from the HIPAA Journal, the intruder remained undetected for nearly a year, only being discovered in October 2025.
Current Timeline
The delay between the initial intrusion and the discovery has raised significant concerns regarding data security protocols:
- November 2024: Unauthorized access to TPS systems begins through a provider web portal.
- October 2, 2025: TPS discovers the suspicious activity and launches a forensic investigation.
- December 9–11, 2025: TPS begins notifying affected healthcare providers, including those in Tennessee.
- March 6, 2026: TechCrunch confirms that 3.4 million people had their health and personal data stolen during the breach.
- May 8, 2026: The current deadline for affected individuals to enroll in complimentary credit monitoring services.
Summary of the Class Action Lawsuit
Multiple class action lawsuits have been filed naming both TriZetto and Cognizant as defendants.
As reported by GovInfoSecurity, the litigation alleges that the companies failed to implement industry-standard cybersecurity measures and failed to provide timely notification to victims.
Plaintiffs seek damages for the increased risk of identity theft and the costs associated with monitoring their credit and medical records.
Implications for Victims
For Tennessee residents, this breach hit close to home. The Erlanger Health System data breach notice confirmed that patients at the Chattanooga-based facility were among those whose Protected Health Information (PHI) was involved.
Health Information Management Concerns
When medical data is stolen, the risks are more complex than a standard credit card breach. Stolen information in this incident included names, Social Security numbers, Medicare beneficiary identifiers, and health insurance details.
Medical identity theft can lead to:
- Inaccurate information is being added to your medical records.
- Fraudulent insurance claims are being filed in your name.
- The exhaustion of your health insurance benefits by unauthorized parties.
Potential HIPAA Violations
The Health Insurance Portability and Accountability Act (HIPAA) requires that covered entities and their business associates notify affected individuals of a breach within 60 days of discovery.
Legal complaints argue that the year-long gap between the start of the breach and its discovery, as well as the subsequent notification timeline, may constitute a violation of these federal standards.
Legal Disclaimer: This content is provided for informational purposes only and does not constitute legal advice. Reading this page does not create an attorney-client relationship. Laws and deadlines vary by jurisdiction.