Oncology Institute Data Breach Exposes Patient Data via Third-Party Vendor

Oncology Institute Data Breach Exposes Patient Data via Third-Party Vendor

First seen 26 May 2026, 08:34 UTC Securityaffairs.CoRescanaattack.mitre.orgFeeds.Feedburnerwww.thecybersignal.com 89% similarity 60.5

Article Content

Browse articles
ThreatCluster

On May 20, 2026, The Oncology Institute, Inc. was notified of unauthorized access to its systems by Kroll, a third-party vendor. The incident, confirmed in an SEC filing on May 22, 2026, involved patient data compromise, although specific details on the data types and number of affected individuals remain unverified. This breach follows a previous disclosure in November 2025, which did not confirm data compromise at that time. The incident is part of a growing trend of third-party vendor breaches in the healthcare sector, which now account for approximately 48% of reported breaches. No specific malware or threat actor has been identified, and the investigation is ongoing. Credit monitoring services are being offered to impacted patients. The breach reflects a significant risk within the healthcare supply chain, following a similar incident at TriZetto Provider Solutions in March 2026.

Key Points: • Unauthorized access to patient data confirmed at The Oncology Institute due to a third-party vendor breach. • The breach is part of a broader trend, with third-party vendors involved in 48% of healthcare breaches. • No specific malware or threat actor has been identified; investigation is ongoing.

ThreatCluster AI

Timeline

2025-11-06
Initial breach notification by The Oncology Institute
The Oncology Institute disclosed a cybersecurity incident involving a third-party vendor, but no patient data compromise was confirmed at that time.
Rescana
2026-03-01
TriZetto Provider Solutions breach disclosed
A breach at TriZetto Provider Solutions exposed sensitive information for over 3.4 million patients, highlighting risks in the healthcare supply chain.
Feeds.Feedburner
2026-05-20
The Oncology Institute notified of data breach
The Oncology Institute was informed by Kroll of unauthorized access affecting patient data, leading to a formal SEC filing.
Rescana
2026-05-22
SEC Form 8-K filing discloses data compromise
The Oncology Institute filed an SEC Form 8-K confirming that systems affecting patient data were accessed, although specifics remain unverified.
Rescana

Community

Browse all →