Excerpt from KCBY Article, Published on January 20, 2026
Adapt has disclosed a data security incident linked to a third – party healthcare technology vendor. Importantly, the organization confirmed that its internal systems were not compromised. Instead, the issue originated at TriZetto, a contractor associated with OCHIN, which provides the electronic medical record platform used by Adapt.
According to the report, the organization learned about the incident on December 10, 2025. As a result, Adapt immediately worked with OCHIN and TriZetto to investigate the situation. Moreover, the response focused on identifying affected data and preventing further unauthorized access. The incident involved unauthorized access to a vendor – managed system. However, not all patient records were impacted. Officials continue to evaluate which individuals may have experienced exposure. Meanwhile, monitoring efforts remain active to detect any unusual activity.
The information potentially involved includes names, dates of birth, Social Security numbers, insurance details, and limited health data. Fortunately, investigators have found no evidence of misuse so far. Nevertheless, cybersecurity professionals advise patients to stay alert and review their financial and medical records regularly.
Beginning in February 2026, TriZetto will send notification letters to affected individuals. In addition, Kroll will support the notification process and provide assistance services. These services include identity monitoring and guidance for those seeking additional protection. Adapt emphasized that patient privacy remains a core priority. Therefore, the organization continues to collaborate closely with its technology partners. It is also reviewing vendor security practices to strengthen oversight and reduce similar risks in the future.
Overall, this incident highlights the increasing cybersecurity risks within the healthcare sector. Vendor – related breaches continue to rise across the industry. Consequently, organizations must place stronger focus on third – party risk management. For example, regular security assessments, access controls, and compliance reviews can help reduce exposure.
To delve deeper into this topic, KCBY.com .
