On December 23, 2025, One Community Health notified patients of a data security incident involving its business partner, TriZetto Provider Solutions (“TriZetto”), a third‑party health insurance clearinghouse that processes insurance eligibility and claims information for the organization. According to the notice provided to patients, TriZetto detected suspicious activity on October 2, 2025, within a web portal used by its healthcare customers. A forensic investigation later confirmed that between November 2024 and October 2, 2025, an unauthorized individual accessed certain historical eligibility transaction reports stored on TriZetto’s systems.
One Community Health is a non-profit 501(c) (3) corporation licensed by the State of California, and lead by an independent board of directors, offering quality care in Sacramento.
Because the compromise originated within TriZetto’s systems, One Community Health began its own internal review to understand how patient information may have been affected and to ensure ongoing protection of sensitive data.
TriZetto has taken several steps in response to the incident, including engaging cybersecurity experts, eliminating the threat, notifying law enforcement, and reinforcing system security. TriZetto also confirmed that no further unauthorized activity has occurred since October 2, 2025. The organization is offering affected individuals complimentary identity‑protection services through Kroll, including credit monitoring, fraud consultation, and identity theft restoration. Impacted patients will receive additional instructions directly from TriZetto.
What information is involved in the One Community Health Data Breach?
Compromised information may include:
Name
Address
Date of Birth
Social Security Number
Health Insurance Member Number (including, in some cases, Medicare beneficiary identifiers)
Health Insurance Company Name
Primary insured or Dependent Information
Other demographic health or health insurance information
The incident did not involve payment card data, bank account information, or other financial account information.
Your Personally Identifiable Information (PII) includes sensitive personal details that can be used to identify you. If this information is accessed without authorization, it can be misused to commit identity theft or financial fraud. Protected Health Information (PHI) — a regulated subset of PII that includes medical and health‑related information — receives additional safeguards under federal and state law. If compromised, PHI may be used alongside PII to commit deeper forms of fraud.
One Community Health urges patients to remain vigilant by reviewing financial accounts, monitoring health insurance Explanation of Benefits statements, checking free annual credit reports, and promptly reporting any suspicious activity. The organization also recommends placing fraud alerts or security freezes with major credit bureaus to add an additional layer of security.
California residents benefit from additional privacy protections under the California Consumer Privacy Act (CCPA), which provides enhanced rights related to personal data. California also enforces the Confidentiality of Medical Information Act (CMIA), which imposes strict safeguards for medical information.
If you received a NOTICE OF DATA BREACH letter from One Community Health, your personal and/or medical information may be at risk. This type of sensitive information can be exploited by identity thieves to commit fraud and other crimes.
Contact the Data Breach Lawyers at Emery | Reddy, PC for a Free Case Review today.