Third-Party Cyberattack Impacts Patient Information at The Oncology Institute
The Oncology Institute (TOI) confirmed that patient information was impacted in a cybersecurity incident involving a third-party software provider. The company was notified on May 20, 2026, by Kroll, the third-party administrator for its software vendor, of unauthorized access to certain information systems, including those affecting patient data. This updated disclosure followed an initial report in November 2025 where patient data compromise was not yet confirmed. The incident is believed to have affected various other healthcare service providers. The specific types of patient data and the total number of individuals affected remain largely undisclosed, but it is part of a broader trend of third-party vendor breaches in the healthcare sector.
Signal context
First seen: May 26, 2026
Last updated: Jun 24, 2026
Status: Public signal
Key points
- Patient information impacted due to a third-party cyberattack.
- Notification received on May 20, 2026, from Kroll, a third-party administrator for the vendor.
- Initial incident referenced in November 2025, with confirmation of patient data compromise in May 2026.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: Location not provided
The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.
- Source type: outside the affected organization
- Source type: supplier or third-party involvement
Impact area: Confidentiality
Likely asset: User or customer data
- 19 signals in the same sector
- 66 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Third-Party Cyberattack Impacts Patient Information at The Oncology Institutehttps://securityaffairs.com/146549/data-breach/the-oncology-institute-data-breach.htmlPublic source from securityaffairs.com.
The Oncology Institute reports patient data potentially exposed in third-party vendor breachhttps://www.scmagazine.com/brief/the-oncology-institute-reports-patient-data-potentially-exposed-in-third-party-vendor-breachPublic source from scmagazine.com.
Related signals
Grouped by why the signal is relevant.
LastPass confirms data breach in Klue supply chain attack
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in a supply chain attack targeting Klue, a third-party market intelligence platform. The unauthorized actor obtained OAuth tokens from Klue, which were then used to access LastPass customer data. Exposed information includes customer names, phone numbers, email addresses, physical addresses, support case information, and sales/CRM-related data. LastPass stated that its core products, services, and infrastructure, including customer vaults, were not affected by this incident. The Icarus extortion group claimed responsibility for the Klue attack.
Snyk impacted by Klue supply chain attack
Snyk, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from Snyk's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. Snyk stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.
OneTrust impacted by Klue supply chain attack
OneTrust, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from OneTrust's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. OneTrust stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.
Jamf impacted by Klue supply chain attack
Jamf, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from Jamf's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. Jamf stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.
Huntress impacted by Klue supply chain attack
Huntress, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from Huntress's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. Huntress suggested that a threat actor named Icarus might have been responsible for the attack.
HackerOne impacted by Klue supply chain attack
HackerOne, a cybersecurity firm, was among several organizations affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from HackerOne's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. HackerOne stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.