The Oncology Institute says a beforehand disclosed cybersecurity incident has been confirmed to impression affected person info.
The Oncology Institute (TOI) is an oncology supplier based in 2007 that delivers specialised most cancers care by means of a community of over 100 clinics throughout 5 states.
The healthcare group instructed the SEC in November 2025 that it had realized of a cybersecurity incident affecting a third-party software program companies supplier. On the time, the seller’s investigation was ongoing and it couldn’t say whether or not affected person info had been compromised.
“Nevertheless, on Could 20, 2026, Kroll, who’s the third-party administrator for the Vendor, notified [TOI] that the Vendor had detected unauthorized entry by a 3rd celebration to sure info methods of [TOI], together with methods affecting information of sufferers,” TOI stated in a brand new SEC submitting final week.
It added, “[TOI] believes that the cybersecurity incident has affected varied different healthcare service suppliers, and the Vendor has arrange a affected person portal by means of which it intends to supply info and responses to inquiries.”
Whereas TOI has not named the third-party software program vendor, the timeline and the reported impression of the breach throughout a number of healthcare organizations level to Cognizant-owned healthcare know-how firm TriZetto Supplier Options as a potential candidate.
Kroll is dealing with disclosures for TriZetto, which earlier this yr reported struggling a data breach affecting a number of prospects and roughly 3.4 million people.
It’s unclear who’s behind the assault. No recognized ransomware group has claimed duty for an assault on TriZetto or the Oncology Institute.
information.killnetswitch has reached out to TOI for extra info and can replace this text if it responds.
