Oncology Institute says third party breach exposed patient data

THE Oncology Institute (TOI) confirmed that a cybersecurity incident involving a third-party software services provider has impacted patient information. In a recent SEC filing, TOI disclosed that unauthorized access to its data systems was detected by Kroll, the vendor's administrator, on May 20, 2026. While TOI hasn't named the vendor, it is speculated to be TriZetto Provider Solutions, which previously reported a data breach affecting multiple clients. TOI believes the incident has affected other healthcare organizations as well and has set up a patient portal for affected individuals.