Notice of Data Breach

Pafford Medical Services, Inc., Pafford EMS of Oklahoma, Pafford Medical Services of Mississippi, Inc., Pafford EMS of Mississippi, Inc., and Pafford Emergency Medical Services, Inc. (collectively, “Pafford”) are providing notice of a data security incident involving TriZetto Provider Solutions (“TPS”), a third-party vendor used for certain administrative and billing-related services.

On December 12, 2025, Pafford was notified by Trizetto Provider Solutions (TPS), its business associate that supports Pafford’s claims process, of a data security incident. TPS recently experienced a cybersecurity incident that affected certain protected health information of individuals associated with its healthcare provider customers. TPS provides billing-related services to healthcare providers, such as hospitals, health systems, and physician practices, some of which are located in the jurisdictions served by Pafford.

This notice explains the incident, the measures TPS has taken in response, and the steps individuals can take to help protect their information. Individuals may also contact Pafford Medical Services at 1-800-451-8036 for additional information.

What Happened

On October 2, 2025, TPS became aware of suspicious activity within a web portal used by certain TPS healthcare provider customers to access TPS systems. Upon discovery, TPS promptly launched an investigation, took steps to mitigate the issue, engaged external cybersecurity experts, and notified law enforcement.

TPS determined that, beginning in November 2024, an unauthorized actor accessed certain records related to insurance eligibility verification transactions used by healthcare providers to assess insurance coverage for treatment services. TPS conducted a thorough review of the affected data to determine what information was involved and which individuals were impacted.

What Information Was Involved

The information involved varied by individual and may have included some or all of the following for patients and primary insureds:

● Name

● Address

● Date of birth

● Social Security number

● Health insurance member number (which, for some individuals, may include a Medicare Beneficiary Identifier)

● Health insurer name

● Primary insured or dependent information

● Other demographic, health, and health insurance information

The incident did not involve payment card information, bank account information, or other financial account data. At this time, TPS is not aware of any identity theft or fraud related to the information involved.

What Pafford Is Doing

Pafford takes this matter very seriously and has taken the following actions: Pafford is working with TriZetto to ensure an accurate account of the information impacted by this incident. Pafford will be working with TriZetto’s breach disclosure firm, Kroll Inc., to provide individuals with additional information and services regarding the incident. These materials are expected to be sent to impacted individuals by February 9, 2026.

What TPS Is Doing

After becoming aware of the incident, TPS immediately took additional measures to safeguard its systems and worked with leading cybersecurity experts to conduct a comprehensive investigation. TPS notified law enforcement and is cooperating with their investigation. TPS has also implemented, and continues to implement, enhanced security protocols designed to prevent similar incidents in the future.

TPS notified affected healthcare providers beginning on December 9, 2025, and offered to make all legally required notifications on their behalf. For providers that accepted this offer, TPS is notifying affected individuals at their last known addresses.

TPS is offering affected individuals Single-Bureau Credit Monitoring, Single-Bureau Credit Report, and Single-Bureau Credit Score services at no charge. These services are being provided by a company that specializes in fraud assistance and remediation services.

What Can Affected Individuals Do

Individuals who may have been affected and who have questions or would like to enroll in the free credit monitoring services may call the dedicated, toll-free call center at (844) 572-2724 between 8:00 a.m. and 5:30 p.m. Central Time, excluding major U.S. holidays.

In addition, individuals may contact Pafford Medical Services at 1-800-451-8036 or compliance@paffordems.com for questions related to Pafford’s involvement.

Although TPS has no evidence that any affected individual’s information has been misused, TPS encourages individuals to remain vigilant against identity theft and fraud by reviewing account statements, monitoring free credit reports, and promptly reporting any suspicious activity.

Additional information about identity theft protection is provided below. Pafford regrets that this incident occurred and any concern it may cause. Pafford takes the

confidentiality and security of personal information very seriously and will continue to take steps to help prevent similar incidents from occurring in the future.

Notice of Data Breach.docx.pdf