The Oncology Institute has reported a cybersecurity incident connected to one of its third-party service providers, which may have resulted in the exposure of patient information following a 2025 attack.
The organization initially disclosed the incident in November 2025 while the vendor’s internal investigation was still in progress. At that time, there was no confirmed evidence that patient data had been compromised. Although the vendor has not officially been identified, industry reports indicate that Cognizant’s TriZetto may be linked to the breach.
The Oncology Institute is a U.S.-based healthcare provider that specializes in community-focused cancer treatment, delivering outpatient oncology services designed to improve accessibility for patients outside traditional hospital settings.
In an updated filing with the U.S. Securities and Exchange Commission (SEC), the company stated that new information became available months after the initial disclosure. On May 20, 2026, Kroll acting as the vendor’s third-party administrator alerted the organization that unauthorized access by an external party had been detected within certain systems used by the company. These systems included those containing patient-related data.
The company indicated that the incident likely extends beyond its own operations and may have affected multiple healthcare providers using the same vendor. To address concerns and provide transparency, the vendor has established a dedicated patient portal to share updates and respond to inquiries.
At this time, the individuals or groups responsible for the intrusion have not been identified, and no ransomware organization has publicly claimed involvement in either the TriZetto or Oncology Institute incidents.
The broader context includes a previously reported breach involving Cognizant’s TriZetto Provider Solutions, which, in March 2026, was found to have exposed sensitive data belonging to more than 3.4 million individuals.
According to details from that investigation, suspicious activity was first identified on October 2, 2025, within a web portal used by healthcare providers. Further analysis revealed that an unauthorized party had been accessing data as early as November 2024, specifically targeting records tied to insurance eligibility verification processes.
Following the discovery, the company worked with cybersecurity specialists, notified law enforcement authorities, and began informing affected organizations in December 2025.
By late November 2025, it was determined that the exposure may have included personally identifiable information and protected health data, such as names, physical addresses, dates of birth, Social Security numbers, insurance details, and provider-related information. Notably, no financial account data was involved, and there have been no confirmed cases of identity theft or fraud linked to the incident so far.
In response to the breach, additional security measures have been implemented to strengthen system protections and reduce the likelihood of similar incidents in the future.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
