The Oncology Institute has verified that a cybersecurity breach has compromised patient data, impacting numerous healthcare providers. This incident highlights the vulnerabilities in healthcare IT systems.
Background on the Oncology Institute
Established in 2007, the Oncology Institute (TOI) is a specialized cancer care provider operating more than 100 clinics across five states. The organization is dedicated to delivering comprehensive oncology services.
In November 2025, TOI reported to the Securities and Exchange Commission (SEC) about a cybersecurity event involving a third-party software vendor. At that time, investigations were ongoing to determine whether patient data had been compromised.
Details of the Data Breach
On May 20, 2026, Kroll, the third-party administrator, informed TOI of unauthorized access to certain information systems, including those containing patient data. This was disclosed in a recent SEC filing by TOI.
The healthcare provider noted that the breach likely affected other healthcare organizations as well, and the vendor has established a patient portal for information dissemination and inquiries.
Possible Involvement of TriZetto Provider Solutions
Although TOI did not name the software vendor, the circumstances suggest that TriZetto Provider Solutions, a Cognizant-owned healthcare technology company, might be involved. TriZetto had experienced a data breach earlier this year affecting numerous clients and approximately 3.4 million individuals.
Kroll is managing the disclosures for TriZetto. However, the identity of the attackers remains unknown, with no ransomware groups claiming responsibility for the breach.
SecurityWeek has contacted TOI for further details and will provide updates as they become available.
Related incidents have seen large numbers of individuals affected, such as the breaches at Radiology Associates of Richmond and OpenLoop Health, underscoring the widespread impact on healthcare data across the US.
