Bay Area Community Health Confirms TriZetto Data Breach — SSN, Medicare Numbers, DOB, Insurance Data Exposed
Bay Area Community Health (BACH, Fremont/San Jose, ~30 sites) confirmed (May 6, 2026 substitute notice + class action investigation update) PHI exposure via TriZetto Provider Solutions (Cognizant subsidiary, OCHIN clearinghouse partner). Exposed: SSN, Medicare beneficiary numbers, DOB, insurance data.
Part of the broader 3.4M-patient TriZetto breach. Class-action investigations active in May 2026. Distinct from already-tracked AltaMed and La Clinica breaches — third-party vendor risk pattern across FQHCs using OCHIN/TriZetto stack.
Tech-stack relevance: TriZetto is a widely used FQHC RCM clearinghouse.
Strategic implication for FQHC CIOs / compliance officers:
- audit your full Business Associate Agreement (BAA) chain — clearinghouses, RCM vendors, eligibility verifiers, and any subcontractors that touch PHI
- TriZetto/Cognizant-related contract review is now a board-level item
- confirm your incident-response runbook covers vendor-side breach notification (60-day OCR HIPAA window)
- document your Security Rule risk analysis updates (the OCR ransomware sweep April 23 and now this BACH item form a one-two compliance pressure pattern).
Key takeaways
- BACH confirms PHI exposure via TriZetto — SSN, Medicare numbers, DOB, insurance
- Part of broader 3.4M-patient TriZetto breach — third-party vendor pattern
- FQHC CIOs: audit full BAA chain (clearinghouses, RCM, eligibility verifiers, subcontractors)
- Pairs with April 23 OCR ransomware sweep — one-two compliance pressure pattern
Primary source
Class Law DC / BACH substitute noticeAffected FQHCs
FQHC Talent. (2026, May 6). Bay Area Community Health Confirms TriZetto Data Breach — SSN, Medicare Numbers, DOB, Insurance Data Exposed. Primary source: Class Law DC / BACH substitute notice. Retrieved June 27, 2026, from https://www.fqhctalent.com/intel/bach-trizetto-data-breach-may-6-2026
More in Risk & Compliance
Jul 5
Section 1557 Language Access Annual Notice Year 1 Anniversary — July 5, 2026 Compliance Window
Jun 9
FTCA CY2027 redeeming applications due June 26 — miss it and your FQHC has a malpractice-coverage gap
Jun 1
Two Compliance Signals for FQHCs: HRSA's FY2026 340B Manufacturer-Audit Results Go Live, and OCR's Ransomware Settlements Preview a Tougher HIPAA Security Rule
Jun 1
Eli Lilly Gives ~50 Covered Entities Five Days to Hand Over 340B Claims Data — or Lose Their Discounts