Third-Party Cyberattack Impacts Patient Information at The Oncology Institute

The Oncology Institute disclosed that a third-party software vendor experienced unauthorized access that may have exposed patient personal and health information; Kroll notified the company on May 20, 2026, and the incident appears to be related to earlier TriZetto/Cognizant breaches that affected millions of patients. The attackers are unknown, no ransomware group has claimed responsibility, and the vendor has set up a patient portal while investigations and provider notifications continue.