The Oncology Institute has confirmed that patient information was impacted in a cybersecurity incident involving a third-party software provider. The healthcare network first disclosed the security breach in November 2025, while the vendor’s investigation was still ongoing, as reported by Security Affairs.The Oncology Institute disclosed on May 20, 2026, that Kroll, a third-party administrator for an unnamed vendor, detected unauthorized access to systems that may have affected patient data. This incident follows a larger breach at Cognizant-owned TriZetto Provider Solutions in March 2026, which exposed sensitive information for over 3.4 million patients. The TriZetto breach, which began in November 2024, involved unauthorized access to records for insurance eligibility verification transactions, potentially exposing names, addresses, Social Security numbers, and insurance details.While no ransomware group has claimed responsibility for either incident, the potential exposure of patient data highlights significant risks within the healthcare supply chain. The Oncology Institute stated that the vendor has established a patient portal to provide information and address inquiries related to the breach.Source: Security Affairs
Breach
The Oncology Institute reports patient data potentially exposed in third-party vendor breach

(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
Attack VectorYou can skip this ad in 5 seconds


