The Oncology Institute says a previously disclosed cybersecurity incident has been confirmed to impact patient information.
The Oncology Institute (TOI) is an oncology provider founded in 2007 that delivers specialized cancer care through a network of over 100 clinics across five states.
The healthcare organization told the SEC in November 2025 that it had learned of a cybersecurity incident affecting a third-party software services provider. At the time, the vendor’s investigation was ongoing and it could not say whether patient information had been compromised.
“However, on May 20, 2026, Kroll, who is the third-party administrator for the Vendor, notified [TOI] that the Vendor had detected unauthorized access by a third party to certain information systems of [TOI], including systems affecting data of patients,” TOI said in a new SEC filing last week.
It added, “[TOI] believes that the cybersecurity incident has affected various other healthcare service providers, and the Vendor has set up a patient portal through which it intends to provide information and responses to inquiries.”
While TOI has not named the third-party software vendor, the timeline and the reported impact of the breach across multiple healthcare organizations point to Cognizant-owned healthcare technology company TriZetto Provider Solutions as a possible candidate.
Kroll is handling disclosures for TriZetto, which earlier this year reported suffering a data breach affecting multiple customers and roughly 3.4 million individuals.
It’s unclear who is behind the attack. No known ransomware group has claimed responsibility for an attack on TriZetto or the Oncology Institute.
SecurityWeek has reached out to TOI for additional information and will update this article if it responds.
Related: 266,000 Affected by Data Breach at Radiology Associates of Richmond
Related: 716,000 Impacted by OpenLoop Health Data Breach
Related: Millions Impacted Across Several US Healthcare Data Breaches
