A significant cybersecurity incident in 2025 has compromised patient data at a prominent oncology firm, affecting an undisclosed number of individuals. The breach occurred via a third-party billing software vendor, highlighting the risks associated with relying on external providers for sensitive services. The impacted firm, which treats nearly 2 million patients, has notified investors about the incident, underscoring the potential consequences for both patients and the company's reputation. This incident is part of a larger trend of major breaches involving billing software providers [1]. The compromise of patient data raises concerns about the potential for identity theft, medical fraud, and other malicious activities. For practitioners, the incident emphasizes the need for rigorous vendor risk management and robust security protocols to protect sensitive patient information.