Third-Party Cyberattack Impacts Patient Information at The Oncology Institute
Third-Party Cyberattack Impacts Patient Information at The Oncology Institute
Publish Date: 2026-05-26 01:28:00
Source Domain: securityaffairs.com
Third-Party Cyberattack Impacts Patient Information at The Oncology Institute
Pierluigi Paganini
May 26, 2026
The Oncology Institute disclosed a data breach tied to a third-party vendor, potentially exposing patient information after a 2025 cyberattack.
The Oncology Institute has confirmed that patient information was impacted in a cybersecurity incident involving a third-party software provider. The healthcare network first disclosed the security breach in November 2025 while the vendor’s investigation was still ongoing. Although the provider has not been officially named, reports suggest Cognizant-owned TriZetto may be involved.
The Oncology Institute, Inc. is a U.S.-based healthcare company that provides community-based cancer care services. It operates a network of oncology clinics focused on treating patients with cancer in outpatient settings, aiming to make care more accessible outside of large hospital systems.
“The Oncology Institute, Inc. (the “Company”) is providing this disclosure, as a follow-up to its voluntary disclosure in Item 7.01 of a Current Report on Form 8-K filed on November 6, 2025, regarding a cybersecurity incident affecting a software service provider (“Vendor”) utilized by the Company. At the time of the prior voluntary disclosure, the Vendor had indicated that investigation was still ongoing and it could not yet confirm any evidence that any patient personal information was compromised as a result of this incident.” reads the Form 8-K report filed with SEC. “However, on May 20, 2026, Kroll, who is the third-party administrator for the Vendor, notified the Company that the Vendor had detected unauthorized access by a third party to certain information systems of the Company, including systems affecting data of patients. The Company believes that the cybersecurity incident has affected various other healthcare service providers, and the Vendor…
