Active breach tracker Florida Panhandle Disclosed January 26, 2026 Part of TriZetto / Cognizant cluster

Coastal Skin Surgery & Dermatology Data Breach 2026 (TriZetto Vendor): 6,173 Florida Dermatology Patients Exposed. What To Do

Coastal Skin Surgery & Dermatology, a Florida Panhandle dermatology and Mohs surgery group, disclosed in 2026 that its third-party vendor TriZetto Provider Solutions / Cognizant suffered a November 2024 intrusion exposing 6,173 Coastal patients. Part of the ~3.43M aggregate TriZetto breach. Kroll-administered credit monitoring offered. Here is what to do.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Nov 1, 2024

Unauthorized access to TriZetto Provider Solutions web portal begins

Oct 2, 2025

TriZetto detects suspicious activity

Dec 9, 2025

TriZetto begins notifying provider customers

Jan 26, 2026

TriZetto publishes ~3.43M aggregate victim count; Coastal entry on OCR portal

Data exposed

01

High-risk identity

Enables financial + identity theft

Date of birth Social Security number

03

Contact & insurance

Phishing + targeted scams

Full name Home address Health insurance member number Medicare Beneficiary Identifier (for some) Health insurer name Provider name Primary insured / dependent information

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Multiple firms filing against TriZetto/Cognizant (not Coastal directly) Lytle v. TriZetto Provider Solutions LLC (2:25-cv-18938, D.N.J.) Noble v. TriZetto Provider Solutions LLC (2:25-cv-18967, D.N.J.)
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

What happened

This breach did not originate at Coastal Skin Surgery’s systems. It is a downstream notification from the TriZetto Provider Solutions (TPS) / Cognizant breach — the ~3.43 million-patient incident at Cognizant’s healthcare-claims-eligibility vendor.

Coastal Skin Surgery & Dermatology is a Florida Panhandle dermatology and Mohs surgery group with locations in Miramar Beach, Panama City Beach, Fort Walton Beach, and along the 30A corridor. Coastal uses TPS for insurance eligibility verification, and patient data flowing through TPS was exposed in the vendor’s intrusion.

Between November 2024 and October 2, 2025 (when TPS detected the intrusion), an unauthorized party accessed a TPS-operated provider web portal. TPS began notifying provider customers on December 9, 2025 and published the ~3.43M aggregate victim count on January 26, 2026. Coastal’s 6,173-patient entry posted to the HHS OCR portal as a downstream filing.

No threat group has publicly claimed responsibility for the TPS intrusion.

TriZetto cluster context

Coastal is one of dozens of provider customers downstream of the TPS breach. The class action exposure sits at the Cognizant/TPS level, not at Coastal directly. Two consolidated federal class actions are pending in the District of New Jersey: Lytle v. TriZetto Provider Solutions LLC (2:25-cv-18938) and Noble v. TriZetto Provider Solutions LLC (2:25-cv-18967), plus additional filings in Missouri federal court.

What was stolen

Per TPS notification (applicable to Coastal patients):

  • Full name, home address, date of birth
  • Social Security number
  • Health insurance member number
  • Medicare Beneficiary Identifier (for some)
  • Health insurer name, provider name
  • Primary insured / dependent information

What is being offered

TPS — not Coastal — runs the response. Affected individuals are directed to the Kroll-administered incident portal at tpsincident.kroll.com. The TPS program includes:

  • Complimentary credit monitoring
  • Fraud consultation
  • Identity theft restoration services

Coastal directs patients to the Kroll portal rather than running its own program.

What to do

  1. Enroll in the Kroll-administered TPS monitoring program at tpsincident.kroll.com using the activation code from your letter.
  2. Place free credit freezes at all three bureaus. Full SSN is in scope.
  3. File IRS Form 14039.
  4. Watch your Medicare Summary Notice for unfamiliar dermatology or other claims.
  5. Stop the ongoing flow of your dermatology data through claims intermediaries. HealthConsent files HIPAA restriction requests covering insurance eligibility and claims-routing pathways.

Continue reading

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.