Oncology Institute Discloses Data Breach

The Oncology Institute says a previously disclosed cybersecurity incident has been confirmed to impact patient information. The Oncology Institute (TOI) is an oncology provider founded in 2007 that delivers specialized cancer care through a network of over 100 clinics across five states. The healthcare organization told the SEC in November 2025 that it had learned of a cybersecurity incident affecting a third-party software services provider. At the time, the vendor’s investigation was ongoing and it could not say whether patient information had been compromised.  “However, on May 20, 2026, Kroll, who is the third-party administrator for the Vendor, notified [TOI] that the Vendor had detected unauthorized access by a third party to certain information systems of [TOI], including systems affecting data of patients,” TOI said in a new SEC filing last week.  It added, “[TOI] believes that the cybersecurity incident has affected various other healthcare service providers, and the Vendor has set up a patient portal through which it intends to provide information and responses to inquiries.” While TOI has not named the third-party software vendor, the timeline and the reported impact of the breach across multiple healthcare organizations point to Cognizant-owned healthcare technology company TriZetto Provider Solutions as a possible candidate. Kroll is handling disclosures for TriZetto, which earlier this year reported suffering a data breach affecting multiple customers and roughly 3.4 million individuals. It’s unclear who is behind the attack. No known ransomware group has claimed responsibility for an attack on TriZetto or the Oncology Institute.  SecurityWeek has reached out to TOI for additional information and will update this article if it responds.  Related: 266,000 Affected by Data Breach at Radiology Associates of Richmond Related: 716,000 Impacted by OpenLoop Health Data Breach Related: Millions Impacted Across Several US Healthcare Data Breaches WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Canadian Man Arrested for Operating Kimwolf Botnet ‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested TrendAI Patches Apex One Zero-Day Exploited in the Wild Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI Anthropic Silently Patches Claude Code Sandbox Bypass Real-World ICS Security Tales From the Trenches Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation Latest News Ghost CMS Vulnerability Exploited to Hack Over 700 Websites 266,000 Affected by Data Breach at Radiology Associates of Richmond Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects Laravel-Lang Packages Poisoned for Malware Delivery DocketWise Data Breach Impacts 143,000 Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure Trending Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register Webinar: Third-Party Risk In Practice June 4, 2026 Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. Register People on the Move Joe Chen has become Chief Technology Officer at Trellix. Usercentrics has named Pawan Hegde as COO and Elena Ignatova as CPTO. SecureAuth has named Mark van Oppen as Chief Revenue Officer. More People On The Move Expert Insights Caught Off Guard: Securing AI After It Hits Production As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb) Cyber Resilience Is The New Business Continuity Plan The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin) Enhancing Data Center Security Without Sacrificing Performance For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael) Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. (Danelle Au) The Mythos Moment: Enterprises Must Fight Agents With Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Flipboard Reddit Whatsapp Email