One Community Health, a nonprofit health center based in Sacramento, California, has begun notifying patients that their sensitive personal and health information was potentially compromised in a significant data breach originating not from its own systems, but from its business partner, TriZetto Provider Solutions. The incident has affected an undisclosed number of individuals, exposing a combination of personally identifiable information (PII) and protected health information (PHI), creating a serious risk of fraud and identity theft for those impacted. TriZetto, which functions as a health insurance clearinghouse, is responsible for processing insurance eligibility and claims for One Community Health and other healthcare providers. The breach highlights the growing cybersecurity risks associated with third-party vendors who handle critical and confidential data, demonstrating how vulnerabilities in one part of the supply chain can have far-reaching consequences for partner organizations and their clients. The health center issued a formal notice on its website on December 19, 2025, to inform the public about the security event.
1. Details of the Incident and Exposed Information
The security failure was first identified by TriZetto on October 2, 2025, when the company detected suspicious activity within a web portal utilized by some of its healthcare provider clients. An immediate investigation was launched in collaboration with external cybersecurity firm Mandiant and law enforcement agencies. The forensic analysis determined that an unauthorized actor had gained access to certain historical eligibility transaction reports stored on TriZetto’s system. The period of unauthorized access was alarmingly long, spanning nearly a full year from November 2024 to October 2, 2025. The specific information exposed varies by individual but could include a wide range of sensitive data, such as the full names of patients and their primary insureds, physical addresses, dates of birth, Social Security numbers, health insurance member ID numbers, and in some instances, Medicare beneficiary numbers. Furthermore, the compromised reports contained the names of health insurers and other demographic, medical, and health insurance details. TriZetto has since confirmed that there has been no further unauthorized activity detected in its environment since the incident was contained on October 2nd.
2. Response and Recommended Protective Measures
In response to the discovery, TriZetto took immediate action to eliminate the threat and secure its systems. The company engaged cybersecurity professionals to investigate the full scope of the breach and has been cooperating with law enforcement. To assist those affected by this incident, TriZetto is offering complimentary identity protection services through Kroll, which include credit monitoring, fraud consultation, and identity theft restoration. Individuals who receive a notification letter from One Community Health or TriZetto are strongly encouraged to take several proactive steps to protect themselves. It is highly recommended to sign up for the free identity theft protection services being offered. Additionally, all potentially affected individuals should diligently monitor their credit reports, financial account statements, and Explanation of Benefits statements from their health insurer for any unusual or unauthorized activity. It is also crucial to be vigilant for potential phishing emails, text messages, or phone calls that may attempt to use the exposed information to solicit further personal details. For added security, placing a fraud alert or a credit freeze with the major credit bureaus (Equifax, Experian, and TransUnion) is an effective preventative measure. For specific questions, patients were directed to contact Amaz-Linda Affi, the Privacy Manager, or Rob P. Colon-Torres, the Chief Compliance Officer, at One Community Health.
