Fieldtex and TriZetto Uncover Recent Healthcare Data Breaches

Fieldtex Products, a medical supply fulfillment company based in Rochester, New York, has disclosed a data breach affecting over 274,000 individuals. This incident, which occurred in August, has raised concerns about the security of protected health information as the company begins notifying clients and patients about the risks associated with the breach.

On November 20 and December 3, Fieldtex submitted multiple breach reports to the U.S. Department of Health and Human Services’ Office for Civil Rights. These reports classify Fieldtex as a HIPAA business associate, responsible for providing sensitive information on behalf of health plan clients. The company’s breach notification reiterated its obligation to inform affected individuals, emphasizing its role in safeguarding their health data.

In its breach statement, Fieldtex elaborated on the unauthorized activity detected within its systems around August 19, prior to which it had been using a third-party forensic investigation team to understand the full scope of the attack. The investigation concluded that there was a potential risk that an unknown adversary may have accessed patient data, although Fieldtex has indicated that there is no current evidence of misuse of any information.

The compromised data included essential details such as patient names, addresses, dates of birth, insurance identification numbers, plan names, terms of coverage, and gender. In response to these risks, Fieldtex is offering free credit monitoring services for those affected and is enhancing its internal security measures and policies related to data integrity.

Alongside Fieldtex, TriZetto Provider Solutions, a revenue cycle management firm owned by Cognizant, has also initiated notification procedures following its own hacking incident. The company confirmed having detected suspicious activities in a web portal utilized by its healthcare provider clients. The nature of the breach remains undetailed, as TriZetto has not yet made a public announcement regarding the specifics of the incident.

This incident underscores persistent vulnerabilities within business associates handling sensitive healthcare data, a trend that has been prevalent throughout 2025. According to the HHS OCR, business associates were implicated in approximately 218 breaches this year, affecting nearly 18.3 million individuals. Notably, a significant breach reported by Conduent Business Services, impacting 10.5 million individuals, illustrates the severe implications of such security failures in the healthcare ecosystem.

Understanding cybersecurity frameworks like the MITRE ATT&CK Matrix can provide useful insights into the tactics that attackers may have employed in these incidents. Techniques such as initial access, persistence, and privilege escalation could have been relevant in both the Fieldtex and TriZetto breaches, highlighting the ongoing challenges businesses face in safeguarding sensitive information. As the digital landscape evolves, ongoing vigilance and proactive measures remain essential for mitigating these threats.