Oncology Institute Confirms Patient Data Exposed in Vendor-Linked Cyberattack

Context The Oncology Institute, which operates over 100 clinics across five states, disclosed in a November 2025 SEC filing that it had learned of a cybersecurity incident impacting a third‑party software services provider. At that time the vendor’s investigation was ongoing and it could not confirm whether patient data had been compromised. Kroll, acting as the third‑party administrator for the vendor, later informed the institute that the vendor had detected unauthorized access by an external party to certain information systems, including those handling patient data.

Key Facts The institute stated that the cybersecurity incident has compromised patient information. While the vendor has not been publicly named, the timeline and the reported scale of the breach align with Cognizant‑owned TriZetto Provider Solutions, which earlier in 2026 reported a data breach affecting multiple customers and about 3.4 million individuals. No ransomware group has claimed responsibility, and the specific attack vector remains undisclosed; however, the vendor’s investigation pointed to compromised credentials, a tactic cataloged as MITRE ATT&CK T1078 (Valid Accounts).

What It Means Healthcare organizations that rely on the same vendor should assume their patient data may have been exposed and verify whether their records were part of the compromised set. Patients are advised to monitor explanation of benefits statements and credit reports for signs of medical identity theft.

Mitigations Security teams should: enforce multi‑factor authentication on all privileged and vendor‑access accounts; review and limit third‑party access to the minimum necessary; monitor login attempts for anomalous patterns using detection rules for MITRE ATT&CK T1078; apply the latest patches for the vendor’s patient‑portal software (check for advisories referencing CVE‑2024‑XXXX if released); and ensure encryption of data at rest and in transit to reduce the impact of any future exfiltration.