VALLEY Family Health Care (VFHC) notified HHS on 12 January 2026 that the TriZetto Provider Solutions (TPS) breach had affected 4,300 of their patients. The TPS incident began in November 2024 and involved patients’ names, addresses, dates of birth, Social Security numbers, Medicaid IDs and other sensitive health and demographic information. VFHC’s substitute notice remains accessible only by scrolling to the bottom of its homepage and clicking the notices link.
On 7 March, threat actors known as Insomnia added VFHC to their dark web leak site, with proof of claims asserting that the exfiltrated data included more than one million records containing patients’ personal information such as SSNs, dates of birth, Medicaid IDs and private email addresses.
DataBreaches[.]net reviewed the tranche and found internal documents and a large amount of protected health information, with many patient charts unsecured and not password-protected, though some PHI in a “Secure Email” directory was password-protected. The site contacted Insomnia without receiving a response, and VFHC has not replied to DataBreaches[.]net’s inquiry about Insomnia’s breach. VFHC operates in Idaho and Oregon and provides dental, women’s health and behavioural health services alongside medical care.