By Christopher Kuo
The Oncology Institute's information systems were breached in a November cybersecurity incident that led to the exposure of patient data, according to a Securities and Exchange Commission filing on Friday.
The cancer care organization said the attack affected other healthcare service providers as well, and that it has set up a patient portal through which it plans to provide information and responses to inquiries.
A third-party gained unauthorized access to the company's information systems, including those affecting patient data, last November, the Institute said. The company was affected as part of an attack on a third-party software provider, which resulted in temporary disruptions to billing systems and fee-for-service collections.
At the time, Kroll, the third-party administrator of the vendor, said it hadn't found any evidence showing patient information was compromised.
On May 20, Kroll told the Institute that it had detected unauthorized access by a third party to company systems involving patient data. The company said it has worked swiftly to address the breach, and its operations have continued in all material since the detection of the incident, according to the filing.
The company's investigation and assessment is continuing, but the Institute said it believes the incident has not had a material impact on operations, financial systems or quality of care to its patients.
Write to Christopher Kuo at chris.kuo@wsj.com
(END) Dow Jones Newswires
May 22, 2026 17:30 ET (21:30 GMT)
Copyright (c) 2026 Dow Jones & Company, Inc.
Comments