Oncology Institute Discloses Data Breach

Key Points:

• A confirmed data breach at The Oncology Institute (TOI) has compromised patient information due to unauthorized access by a third party to its systems, linked to a third-party software vendor.
• The breach potentially affects multiple healthcare organizations, with estimates indicating around 3.4 million individuals may be impacted, as reported by the vendor's administrator, Kroll.
• Organizations should enhance their third-party risk management practices and ensure robust monitoring of vendor security postures.

Technical Details: The incident involves unauthorized access to TOI's systems through a third-party vendor, likely TriZetto Provider Solutions. The specifics of the attack vector remain unclear, and no ransomware group has claimed responsibility.

MITRE ATT&CK Techniques: None mentioned

IOCs Mentioned: None mentioned