What Happened in the Native American Health Center Data Breach?
Native American Health Center, a nonprofit Federally Qualified Health Center serving the San Francisco Bay Area, recently disclosed a data breach affecting patient information. The Native American Health Center data breach did not originate within the organization itself. Instead, it stems from a security failure at TriZetto, a third-party vendor that handles billing and insurance processing for the health center’s patients.
On Dec. 15, 2025, Native American Health Center learned about the incident from OCHIN, its electronic medical record system provider. According to the notification, an unauthorized individual gained access to one of TriZetto’s systems. Because TriZetto processes billing and insurance data on behalf of the health center, this unauthorized access exposed sensitive patient records tied to the organization’s patients. As a result, patients who never had direct contact with TriZetto still had their information put at risk.
After discovering the intrusion, TriZetto moved to stop the unauthorized activity and lock down its systems. Meanwhile, Native American Health Center began working with OCHIN to determine the scope of the incident. This investigation aimed to identify exactly which patients and what categories of data were involved. The health center then disclosed the breach to the California Attorney General on Jan. 6, 2026, and began notifying affected individuals directly around that time.
Who was affected?
The Native American Health Center data breach primarily affects patients who received care or services through the health center and whose billing or insurance information passed through TriZetto’s systems. Not every patient in the health center’s records was impacted. However, the breach potentially affects a significant portion of the overall patient population.
The exact number of affected individuals hasn’t been publicly disclosed. Because Native American Health Center serves a broad community across the Bay Area, the affected group likely includes patients of varying ages, including children who received pediatric or family health services. Given that TriZetto supports many healthcare organizations nationwide, this incident reflects a wider risk pattern across the healthcare industry, where a single vendor breach can ripple out to multiple providers and their patients at once.
What Information Was Potentially Exposed?
The breach exposed a combination of personal and health-related information. This mix of data is particularly concerning because it goes beyond basic contact details and includes identifiers that criminals often use for identity theft and insurance fraud. Based on the disclosure, the following categories of information were potentially exposed:
- Full name
- Social Security number
- Date of birth
- Contact details, such as address or phone number
- Certain health-related information
- Insurance information
Because Social Security numbers and dates of birth were involved, affected patients face a real risk of identity theft. Criminals can use this combination of data to open new credit accounts, file fraudulent tax returns or apply for loans in someone else’s name. In addition, this type of stolen information often circulates on dark web marketplaces long after the initial breach, which means the risk doesn’t disappear quickly.
The exposure of health and insurance information adds another layer of risk. For example, stolen insurance details can allow someone to fraudulently receive medical treatment or submit false claims under a patient’s name. This type of medical identity theft can be especially difficult to untangle because it may affect a patient’s medical records and insurance history. As a result, victims may need to correct inaccurate health records in addition to protecting their financial identity.
What is the company doing?
Once Native American Health Center learned of the breach, it immediately began coordinating with OCHIN to understand what happened and confirm the security of patient data going forward. TriZetto, for its part, took steps to halt the unauthorized access and secure its affected systems as soon as the intrusion was discovered. This quick containment effort aimed to prevent further exposure of patient data.
Beyond the immediate response, Native American Health Center is now reviewing its internal processes and working closely with OCHIN to monitor vendor compliance. This ongoing effort is meant to strengthen security safeguards and reduce the chances of a similar incident happening again through a third-party vendor. In addition, TriZetto has engaged Kroll, a well-known identity theft protection and notification provider, to support affected patients. Kroll is providing notification services, call center support and identity theft protection resources. Starting Jan. 5, 2026, TriZetto also opened a dedicated, toll-free call center at 844-572-2724 so affected individuals can ask questions and get support.
What Should Affected Individuals Do?
Monitor Your Credit Reports Closely
Affected individuals should request copies of their credit reports and review them carefully for unfamiliar accounts or inquiries. Because Social Security numbers were exposed, this step is especially important in catching identity theft early. You can request a free credit report from each of the three major credit bureaus.
In addition, consider checking your credit report on a rolling basis rather than just once. This means spacing out requests from each bureau throughout the year to maintain ongoing visibility. If you notice any accounts you don’t recognize, dispute them with the bureau right away and notify your financial institutions.
Consider a Fraud Alert or Credit Freeze
Because this breach exposed Social Security numbers and dates of birth, placing a fraud alert or credit freeze on your credit file is a smart precaution. A fraud alert requires lenders to verify your identity before opening new credit in your name. A credit freeze goes further by blocking most new credit applications entirely until you lift it.
To set up either protection, contact one of the three major credit bureaus, since a fraud alert placed with one bureau typically notifies the others. A credit freeze, however, usually needs to be requested separately at each bureau. Although a freeze takes a bit more effort to manage, it offers stronger protection against someone opening new accounts in your name.
Watch for Signs of Medical Identity Theft
Because health and insurance information was exposed, affected patients should watch closely for signs of medical identity theft. This might include unexpected medical bills, unfamiliar insurance statements or notices about services you never received. If anything looks unusual, contact your health insurer immediately to report it.
It’s also wise to request an itemized statement from your health insurer periodically to confirm that all listed services match care you actually received. Furthermore, keep a record of any suspicious communications or bills in case you need to dispute fraudulent charges later. Acting quickly on medical identity theft can prevent long-term damage to both your finances and your medical records.
Stay Alert for Phishing Attempts
After a breach like this, scammers often use stolen information to craft convincing phishing emails, calls or texts. Because your name, contact details and even health information may have been exposed, be cautious of any message asking you to verify personal details or click a link. Legitimate organizations rarely request sensitive information this way.
Instead of responding directly to a suspicious message, contact the organization using a verified phone number or website. This helps confirm whether the request is genuine. Additionally, avoid providing personal or financial information over the phone unless you initiated the call yourself.
Take Advantage of Identity Protection Services
Since TriZetto has engaged Kroll to provide identity theft protection services to affected patients, it’s worth enrolling if you’re eligible. These services typically include monitoring for misuse of your personal information and support if you become a victim of fraud. Enrolling costs you nothing and adds an extra layer of protection.
To learn more about your eligibility and how to enroll, affected individuals can contact the dedicated call center at 844-572-2724. This resource can also answer specific questions about what data was involved in your particular case. If you have concerns about your legal options following this breach, consulting a data breach attorney for a free case evaluation may also help clarify your rights.
More Information
Official Notice from Nativehealth
Official State Attorney General Notification
