The Mendocino Community Health Clinic (MCHC) has announced a data security breach linked to TriZetto Provider Solutions (TPS), a critical vendor providing clearinghouse services. On December 10, 2025, MCHC was informed by OCHIN, their electronic health record system provider, about the breach incident.
"TriZetto Provider Solutions reported the incident to OCHIN on December 9, 2025," stated the clinic. TPS's investigation revealed that on October 2, 2025, they detected suspicious activity within a web portal utilized by their healthcare provider customers. In response, TPS promptly initiated an investigation, secured the system, and engaged cybersecurity experts from Mandiant to assist with the threat.
"TriZetto Provider Solutions reported the incident to OCHIN on December 9, 2025,"
Despite the breach, TPS ensured there had been no evidence of unauthorized activity within their environment since the initial discovery. "The investigation confirmed that this incident involved TPS's environment and historical eligibility transaction reports, not OCHIN’s system," the clinic explained.
"The investigation confirmed that this incident involved TPS's environment and historical eligibility transaction reports, not OCHIN’s system,"
By the Numbers
By the Numbers
By the Numbers
Approximately 3,500 patients’ protected health information may have been compromised in this incident. The data involved included various types of health insurance eligibility transaction reports. As per TPS, the compromised information could contain demographic details, health and health insurance data, Social Security numbers, and more.
"No payment card information, bank account information, or other financial data have been implicated," the clinic assured.
"No payment card information, bank account information, or other financial data have been implicated,"
Impact and Legacy
Impact and Legacy
MCHC has committed to directly notifying affected individuals, with letters scheduled to be mailed out in the second week of January 2026. "We are proactively reaching out to those impacted to ensure they are informed of the situation and what steps they can take,” said a spokesperson for MCHC.
In addition, TPS will send out its notifications around the second week of February. These communications will contain specific details on the incident and offer resources for protecting personal information.
As an immediate response to the data security incident, TPS is providing affected patients with support services through Kroll, which includes free credit monitoring and identity theft protection. "These services are important steps to help safeguard affected individuals’ information," a TPS representative stated.
"These services are important steps to help safeguard affected individuals’ information,"
The clinic emphasized its commitment to safeguarding patient information and its collaboration with OCHIN and TPS in response to the breach. "While this incident occurred within a system managed by TPS, MCHC takes the privacy and security of your information very seriously. We are continuing to monitor the situation closely," reiterating the importance of vigilance in data security practices.
Individuals are advised to remain alert for any signs of identity theft. While TPS stated there is currently no evidence of unauthorized use of information, patients are encouraged to regularly review their account statements and monitor free credit reports. Detailed information about identity theft protection will be enclosed in the letters sent from MCHC.
"You should immediately report any suspicious activities involving your accounts to your banks and other financial institutions," noted a representative from MCHC.
"You should immediately report any suspicious activities involving your accounts to your banks and other financial institutions,"
The breach has also prompted media notifications, with communications being sent to major outlets and consumer reporting agencies on a general basis.
Looking Ahead
In light of the increasing frequency of cybersecurity incidents in the healthcare sector, MCHC’s incident underscores significant challenges that providers face in protecting patient data. Moving forward, the clinic remains committed to implementing enhanced security measures and ensuring ongoing dialogue with OCHIN and TPS to safeguard patient information against potential future breaches.