Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: trizetto (1 article)Clear

Oncology Institute confirms patient data exposure via third-party breach; reports point to Cognizant-owned TriZetto (3.4M+ patients in original incident)

The Oncology Institute, a US outpatient cancer-care network, has filed an SEC 8-K confirming that patient information was exposed in a third-party vendor breach. Kroll, acting as the vendor's third-party administrator, notified the company on May 20 that unauthorized access had been detected. The vendor is not officially named, but multiple reports point to Cognizant-owned TriZetto Provider Solutions, which previously disclosed a breach in March 2026 affecting more than 3.4 million patients via its provider-portal infrastructure. The Oncology Institute first flagged the incident in a November 2025 8-K. The vendor has set up a patient portal for inquiries.

Check
If your organization uses TriZetto Provider Solutions or other Cognizant healthcare-data services, request a fresh breach assessment from your account team. Audit shared-data agreements for blast-radius.
Affected
Patients of The Oncology Institute and the wider TriZetto Provider Solutions ecosystem (3.4M+ patients in the original March 2026 disclosure). Healthcare providers using TriZetto for eligibility verification are exposed.
Fix
Notify affected patients per HIPAA. Tighten third-party risk reviews for healthcare-data processors. Implement strict data-handling SLAs in vendor contracts with breach notification deadlines.