Rescana
Oncology Institute Data Breach Exposes Patient Data via Third-Party Vendor
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On May 20, 2026, The Oncology Institute, Inc. was notified of unauthorized access to its systems by Kroll, a third-party vendor. The incident, confirmed in an SEC filing on May 22, 2026, involved patient data compromise, although specific details on the data types and number of affected individuals remain unverified. This breach follows a previous disclosure in November 2025, which did not confirm data compromise at that time. The incident is part of a growing trend of third-party vendor breaches in the healthcare sector, which now account for approximately 48% of reported breaches. No specific malware or threat actor has been identified, and the investigation is ongoing. Credit monitoring services are being offered to impacted patients. The breach reflects a significant risk within the healthcare supply chain, following a similar incident at TriZetto Provider Solutions in March 2026.
Key Points: • Unauthorized access to patient data confirmed at The Oncology Institute due to a third-party vendor breach. • The breach is part of a broader trend, with third-party vendors involved in 48% of healthcare breaches. • No specific malware or threat actor has been identified; investigation is ongoing.