Terry Reilly Health Services
Analysis of the Terry Reilly Health Services breach via TriZetto supply chain cascade exposing SSNs and health data.
Published by the Scrutex.ai Research Team | February 2026
Disclaimer
This advisory is provided for informational and educational purposes only by the Scrutex research team. It is based entirely on publicly available reporting from the sources cited below. Where details are unconfirmed or disputed by the affected organisation, this is noted explicitly. Scrutex does not independently verify internal claims made by affected organisations or threat actors. This advisory should not be interpreted as a confirmed statement of fact regarding any organisation's security posture. Organisations concerned about their own exposure should conduct independent assessments and seek professional legal advice.
At a Glance
Organisation
Terry Reilly Health Services
Community health centre in Idaho providing primary care, dental, and behavioural health services to underserved populations.
Sector
Healthcare
Region
United States
Date of Incident
November 2024 to October 2025 (TriZetto breach window)
Date Disclosed
February 2026
Estimated Impact
Unknown
Data Types Exposed
Names, addresses, Social Security numbers, health data
Attack Type
Third-party Exposure
Attack Vector
Supply chain cascade: TriZetto breach affected OCHIN, which in turn affected Terry Reilly
Current Status
Patients being notified. Investigation linked to broader TriZetto/Cognizant breach.
Severity Assessment
High. Patient SSNs and health data were exposed through a multi-tier supply chain compromise, demonstrating how breaches cascade through healthcare IT providers.
What Happened
In February 2026, Terry Reilly Health Services disclosed that patient data was exposed as a downstream impact of the TriZetto Provider Solutions breach, flowing through OCHIN to Terry Reilly.
The compromised data includes names, addresses, SSNs, and health data. This illustrates how supply chain compromises cascade through multiple layers of healthcare IT providers.
Timeline
November 2024
TriZetto Provider Solutions breach begins
October 2025
TriZetto breach detected
February 2026
Terry Reilly Health Services notifies patients of exposure through TriZetto/OCHIN supply chain
Impact and Risk Assessment
For Affected Individuals
Patients had SSNs and health data exposed through a supply chain they likely had no awareness of.
The multi-tier nature of the breach means extended notification timelines, with patients learning of the exposure well after the initial compromise.
For Organisations
Terry Reilly must manage patient notification for a breach originating two tiers removed in their supply chain.
OCHIN, as an intermediary, also faces scrutiny over its vendor management of TriZetto.
Regulatory Context
HIPAA breach notification requirements apply at each tier of the supply chain. Each entity must notify its own patients or downstream partners.
What Should You Do?
If You Are a Potentially Affected Individual
If you receive care from Terry Reilly Health Services, take advantage of any credit monitoring offered and monitor your credit reports.
If You Are a Security or Risk Professional
Map your entire data supply chain, including fourth-party relationships. Understand where patient data flows through third and fourth parties.
Include supply chain breach scenarios in your incident response planning.
Learnings and Recommendations
This incident demonstrates multi-tier supply chain risk: TriZetto was breached, which affected OCHIN, which in turn affected Terry Reilly's patients. Each link in the chain added delay to notification.
Healthcare organisations should map their entire data supply chain and understand where patient data flows through third and fourth parties.
Sources
This advisory is provided for informational purposes by the Scrutex.ai research team. It is based on publicly available reporting from the sources cited above. Where details are unconfirmed or disputed, we have noted this accordingly. Scrutex.ai does not independently verify internal claims made by affected organisations. Organisations concerned about their own exposure are encouraged to conduct their own assessments and seek professional advice where needed.
Stay ahead of the next breach
Scrutex monitors dark web sources, breach databases, and threat actor activity continuously, detecting exposure that affects your organisation before it becomes a headline.