my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

The Healthcare Benefits Breach You Haven't Heard About (or the One After It, or the One After That)

John Z Black Mar 22, 2026 Incidents & Breaches #data breach #healthcare #TriZetto #Navia #Marquis #supply chain #identity theft #FSA #HSA #COBRA

Three different companies. Three different breaches. All disclosed in roughly the same week. And in every case, the people most at risk are people who have no idea these companies exist.

That’s not coincidence. It’s a pattern.

TriZetto, Navia, Marquis. You probably haven’t heard of any of them. But if you have health insurance, an FSA or HSA, COBRA coverage, or a community bank account, there’s a real chance one of them holds your Social Security number, your date of birth, your financial account details, and your health benefits enrollment information.

Three Breaches, Three Timelines

TriZetto is a Cognizant subsidiary that builds software used by health insurers. Breach detected: October 2025. Access began: November 2024. That’s eleven months of undetected access. Notifications going out now, in March 2026. 3.4 million people.

Navia Benefit Solutions manages FSA, HSA, HRA, and COBRA accounts for employers. Attackers were inside from December 22, 2025 to January 15, 2026 – 25 days. Discovered January 23. Public notice posted March 13. Seven weeks between discovery and notification for 2,697,540 people. Data exposed includes names, SSNs, dates of birth, and FSA/COBRA enrollment info. That last part is particularly sensitive – it tells an attacker what conditions you’re managing and what your healthcare spending looks like.

Marquis provides digital marketing and compliance software to 700+ banks and credit unions. Ransomware hit in August 2025. 74 financial institutions disrupted. 672,000 people’s data stolen. Disclosure: this week. March 2026. Seven months later.

None of those 672,000 people had a relationship with Marquis. They had a relationship with their bank. Their bank had a relationship with Marquis.

The Pattern

Every one of these breaches shares the same structure: victims never chose to give their data to these companies, dwell times are measured in months, and the gap between “attack” and “you finding out” is also months. During that gap, your data is out there and you’re going about your life thinking you’re fine.

The regulatory framework wasn’t designed for a world where your most sensitive combined data – health plus financial – lives at a third-party vendor that primarily thinks of itself as a software company.

What You Should Do Right Now

If you have an FSA, HSA, or COBRA account, assume Navia may be your administrator. Check your transaction history for anything unfamiliar. Ask HR if you’re not sure.

If you bank at a community bank or credit union, assume Marquis may be in your vendor chain. Monitor your accounts and place a fraud alert with the major credit bureaus.

For all three: freeze your credit at Equifax, Experian, and TransUnion. It’s free, it’s reversible, and it’s the single most effective thing you can do against someone opening accounts in your name.

Watch for targeted phishing. Attackers with your name, employer, benefits info, and SSN can write very convincing pretexts. Go directly to official websites; don’t follow links in unexpected emails.

You shouldn’t have to do any of this. But here we are.

Full breach details for TriZetto, Navia, and Marquis – plus a step-by-step guide to protecting yourself.