Bay Area Community Health Confirms TriZetto Data Breach — SSN, Medicare Numbers, DOB, Insurance Data Exposed

Bay Area Community Health (BACH, Fremont/San Jose, ~30 sites) confirmed (May 6, 2026 substitute notice + class action investigation update) PHI exposure via TriZetto Provider Solutions (Cognizant subsidiary, OCHIN clearinghouse partner). Exposed: SSN, Medicare beneficiary numbers, DOB, insurance data. Part of the broader 3.4M-patient TriZetto breach. Class-action investigations active in May 2026. Distinct from already-tracked AltaMed and La Clinica breaches — third-party vendor risk pattern across FQHCs using OCHIN/TriZetto stack. Tech-stack relevance: TriZetto is a widely used FQHC RCM clearinghouse. Strategic implication for FQHC CIOs / compliance officers: (1) audit your full Business Associate Agreement (BAA) chain — clearinghouses, RCM vendors, eligibility verifiers, and any subcontractors that touch PHI; (2) TriZetto/Cognizant-related contract review is now a board-level item; (3) confirm your incident-response runbook covers vendor-side breach notification (60-day OCR HIPAA window); (4) document your Security Rule risk analysis updates (the OCR ransomware sweep April 23 and now this BACH item form a one-two compliance pressure pattern).