Breach taxonomy
Summary
The Oncology Institute disclosed that a cybersecurity incident at a third-party IT software provider was causing potential delays in the company's fee-for-service collections in its billing operations. The provider had not identified evidence of patient personal information being compromised. The company collaborated with the software provider to mitigate effects and restore normal billing operations. The incident was determined to be immaterial. Filed under Item 7.01; company determined the incident is not material.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to a specific actor → UNKNOWN.
MethodsSystem OutageSupply Chain
A cybersecurity incident at a third-party IT software provider disrupted system operations; the breach originated at a supply chain vendor → SYSTEM-OUTAGE + SUPPLY-CHAIN.