Oncology Institute Discloses Data Breach

Summary

The Oncology Institute disclosed that a previously reported cybersecurity incident involving a third-party software vendor has confirmed patient data compromise. The breach, detected in May 2026, affects the cancer care provider and multiple other healthcare organizations; while the vendor remains unnamed, timeline and impact patterns suggest TriZetto Provider Solutions. No ransomware group has claimed responsibility, and Kroll is managing disclosures for affected parties.

Full text

The Oncology Institute says a previously disclosed cybersecurity incident has been confirmed to impact patient information. The Oncology Institute (TOI) is an oncology provider founded in 2007 that delivers specialized cancer care through a network of over 100 clinics across five states. The healthcare organization told the SEC in November 2025 that it had learned of a cybersecurity incident affecting a third-party software services provider. At the time, the vendor’s investigation was ongoing and it could not say whether patient information had been compromised. “However, on May 20, 2026, Kroll, who is the third-party administrator for the Vendor, notified [TOI] that the Vendor had detected unauthorized access by a third party to certain information systems of [TOI], including systems affecting data of patients,” TOI said in a new SEC filing last week. It added, “[TOI] believes that the cybersecurity incident has affected various other healthcare service providers, and the Vendor has set up a patient portal through which it intends to provide information and responses to inquiries.” While TOI has not named the third-party software vendor, the timeline and the reported impact of the breach across multiple healthcare organizations point to Cognizant-owned healthcare technology company TriZetto Provider Solutions as a possible candidate.Advertisement. Scroll to continue reading. Kroll is handling disclosures for TriZetto, which earlier this year reported suffering a data breach affecting multiple customers and roughly 3.4 million individuals. It’s unclear who is behind the attack. No known ransomware group has claimed responsibility for an attack on TriZetto or the Oncology Institute. SecurityWeek has reached out to TOI for additional information and will update this article if it responds. Related: 266,000 Affected by Data Breach at Radiology Associates of Richmond Related: 716,000 Impacted by OpenLoop Health Data Breach Related: Millions Impacted Across Several US Healthcare Data Breaches Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Eduard Kovacs Canadian Man Arrested for Operating Kimwolf Botnet‘First VPN’ Cybercrime Service Disrupted, Administrator ArrestedTrendAI Patches Apex One Zero-Day Exploited in the WildDrupal Patches Highly Critical Vulnerability Exposing Websites to HackingGoogle’s Surge in Chrome Vulnerability Discoveries Likely Driven by AIAnthropic Silently Patches Claude Code Sandbox BypassReal-World ICS Security Tales From the TrenchesDrupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation Latest News Ghost CMS Vulnerability Exploited to Hack Over 700 Websites266,000 Affected by Data Breach at Radiology Associates of RichmondAnthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS ProjectsLaravel-Lang Packages Poisoned for Malware DeliveryDocketWise Data Breach Impacts 143,000Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted DomainsDrupal Vulnerability in Hacker Crosshairs Shortly After Disclosure Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register Webinar: Third-Party Risk in Practice June 4, 2026 Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. Register People on the MoveJoe Chen has become Chief Technology Officer at Trellix.Usercentrics has named Pawan Hegde as COO and Elena Ignatova as CPTO.SecureAuth has named Mark van Oppen as Chief Revenue Officer.More People On The MoveExpert Insights Caught Off Guard: Securing AI After It Hits Production As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb) Cyber Resilience is the New Business Continuity Plan The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin) Enhancing Data Center Security Without Sacrificing Performance For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael) Is the SOC Obsolete, and We Just Haven’t Admitted It Yet? Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. (Danelle Au) The Mythos Moment: Enterprises Must Fight Agents with Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email

Entities