Oncology Institute Confirms Patient Data Impacted by Vendor Breach
The Oncology Institute disclosed that a third-party software vendor experienced unauthorized access affecting patient data, as notified by administrator Kroll on May 20. The healthcare provider had previously reported the vendor incident in 2025 without confirmed patient impact. Credit monitoring is being offered.
- patient-information
- personal-health-information
The Oncology Institute has confirmed that patient data was exposed in a third-party software vendor breach after unauthorized access compromised personal health information, the company disclosed on May 22, 2026.
According to public reporting, the healthcare provider was notified by incident response firm Kroll on May 20 that the vendor had suffered a breach. The Oncology Institute had first reported the vendor incident in 2025 but stated at that time it could not confirm whether patient data was affected. The latest disclosure establishes that patient information and personal health information were impacted. The company is offering credit monitoring to those affected. Available reporting does not specify the exact number of patients involved.
Want the rest of this breakdown?
Sign up free to keep reading. Members get extended access, the weekly breach digest, and a complimentary Warden™ to see if their identity is exposed in the breaches we cover.
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →