Third-Party Cyberattack Impacts Patient Information at The Oncology Institute

A third-party cyberattack impacted patient information at The Oncology Institute, exposing sensitive data after a 2025 breach. The attack involved a third-party software provider, but the exact tool or vulnerability is unclear. The incident highlights the risks of third-party vendor security.

1. The Oncology Institute's patient information was impacted in a cybersecurity incident involving a third-party software provider.
2. The attack occurred in 2025, but the exact date and time are unclear.
3. The incident highlights the risks of third-party vendor security and the importance of regular security audits.
4. The Oncology Institute has not disclosed any specific detection opportunities or forensic artefacts related to the incident.

T1098 - Approved to use, but unclear if this is the exact technique used in the attack

The Oncology Institute and other healthcare networks should prioritize regular security audits and risk assessments for third-party vendors to prevent similar incidents.