The breach surface in healthcare isn't the EHR. It isn't the firewall. It's the integration token your billing vendor, radiology platform, or case management system has been using since 2022 — with no runtime monitoring, no behavioral baseline, and no kill switch.

Within one week in May 2026, three separate healthcare-sector breaches traced to third-party vendor access surfaced. The Oncology Institute notified the SEC that Kroll had detected unauthorized access to a third-party vendor's systems, a vendor shared across dozens of other healthcare providers, with combined exposure touching approximately 3.4 million individuals. Radiology Associates of Richmond disclosed that 266,183 patients had their protected health information, Social Security numbers, and financial data exfiltrated in a July 2025 attack whose investigation did not conclude until April 2026. DocketWise, a legal case management platform used by immigration and healthcare law firms, notified 143,000 individuals that a breach of a third-party partner repository had exposed SSNs, passport numbers, medical condition information, and financial account credentials.

Three organizations. Three different vendors. One structural problem: the integration tokens those vendors use to access, migrate, and process patient data are non-human identities — and in all three cases, they were provisioned once and never monitored again at runtime.

HIPAA was architected for a world where data lives in a system and humans access it. It built robust controls around where patient data is stored, who has access, and how it's transmitted. What HIPAA was never designed to govern is the agentic integration layer: the service accounts, API keys, OAuth tokens, and pipeline credentials that third-party vendors use to act on data autonomously. These non-human identities don't log in interactively. They don't trigger MFA. They rarely show up in an identity governance dashboard. They're provisioned, given broad permissions to do their job, and then left unsupervised until something goes wrong.

  • 3.4M: individuals exposed in the Oncology Institute's shared third-party vendor breach
  • 266K: Radiology Associates of Richmond patients with PHI, SSNs, and financial data stolen
  • 143K: DocketWise individuals notified; SSNs, passports, medical conditions, financial credentials
  • 68%: of healthcare breaches involve a third-party or business associate, per 2025 HIPAA Journal data

The Three Breaches: What Actually Happened

The Oncology Institute — Third-Party Vendor Breach, ~3.4M Individuals
Disclosed May 2026 · Shared third-party exposure · Multiple healthcare orgs affected

The Oncology Institute (TOI), an oncology provider operating over 100 clinics across five states, disclosed to the SEC that Kroll had detected unauthorized access to its information systems — specifically, access via a third-party vendor that TOI and multiple other healthcare organizations shared. On May 20, 2026, Kroll notified TOI of the breach.

The timeline and the cross-organization impact point to a vendor acting as a centralized integration layer for multiple providers: one compromised non-human identity giving attackers a path to patient data across dozens of organizations. The vendor established a patient portal to manage individual disclosures. No ransomware group has claimed responsibility, which suggests a targeted data theft operation rather than a ransomware deployment.

What made it an NHI problem: the attacker didn't breach TOI's own systems. They breached a vendor that held integration credentials, service account tokens or API keys, that permitted access to TOI's data systems. Nothing in the disclosure indicates that those credentials were behaviorally monitored after onboarding, or that any system flagged a vendor integration credential being used from unfamiliar infrastructure, at unusual hours, or at unusual query volumes.

Estimated exposure: Approximately 3.4 million individuals across all affected healthcare organizations via the shared vendor.

Radiology Associates of Richmond — 266,183 Patients, PHI + SSNs + Financial Data
Breach date: July 25, 2025 · Investigation concluded: April 6, 2026 · Notifications: May 21, 2026

Radiology Associates of Richmond (RAR), a Richmond, Virginia-based medical imaging services provider, disclosed that 266,183 patients had their protected health information, Social Security numbers, government-issued ID numbers, financial account information, and medical records exfiltrated in an attack that occurred on July 25, 2025. The investigation wasn't completed until April 6, 2026, more than eight months after the breach, and notifications only began on May 21, 2026.

This is RAR's second significant breach in under two years. In 2024, RAR disclosed a separate April 2024 breach that affected 1.4 million people. Two breaches at the same organization in two years, with an investigation timeline measured in months, points to a structural governance problem rather than a single security failure.

What made it an NHI problem: nothing on record here identifies the credential that was used. What is known is that the breach originated via access to internal systems, the systems that third-party billing, imaging-platform, and care-coordination vendors routinely connect to via integration credentials. Those credentials are provisioned once, given enough access to do the vendor's job, and then live indefinitely in the vendor's infrastructure; when an attacker compromises the vendor, they inherit every NHI that vendor holds. Nothing public indicates that RAR's own staff initiated the access that exfiltrated 266,183 patients' records. The pattern is consistent with a credential doing it.

DocketWise — 143,000 Individuals, SSNs + Passports + Medical Conditions + Financial Credentials
Breach discovered: October 2025 · Notifications sent: April 3, 2026 · 5+ month notification delay

DocketWise, an immigration and legal case management platform used by law firms serving healthcare clients, notified 143,000 individuals in April 2026 that their most sensitive personal data had been exposed. The data types compromised read like a forensic examiner's nightmare: names, addresses, Social Security numbers, dates of birth, driver's license numbers, passport numbers, financial account numbers and access credentials, payment card numbers, governmental identification numbers, tax identification numbers, health insurance policy numbers, medical condition or treatment information, and non-financial account usernames and passwords.

How it happened: in October 2025, an unauthorized actor used valid credentials to clone third-party partner repositories that were part of DocketWise's data migration pipeline. Some of those repositories contained unstructured data belonging to law firm clients and their customers. This is the NHI breach pattern in its purest form: a valid credential for a partner repository inside a data migration pipeline, presented by someone other than the partner, yielding the complete personal and medical record for 143,000 people.

The notification delay: DocketWise discovered the breach in October 2025 but didn't send notifications until April 3, 2026, five months later. That gap has already triggered class action lawsuit investigations. Under HIPAA's Breach Notification Rule, a covered entity must notify affected individuals without unreasonable delay and no later than 60 days after discovery, and a business associate must notify the covered entity within the same window. To the extent DocketWise or its law-firm customers handle PHI as covered entities or business associates, a five-month delay at a company holding health insurance policy numbers and medical condition data invites an OCR enforcement action on top of the civil litigation.

The Structural NHI Problem Nobody's Talking About

Three organizations. Three different sectors (oncology, radiology, legal/healthcare). Three different third-party vendors. The same root cause every time. Look at what a third-party integration token actually looks like in the wild:

What Third-Party Integration Tokens Look Like at Runtime
The NHI lifecycle nobody's managing — from provisioning to breach

When a healthcare organization onboards a billing vendor, a radiology platform vendor, or a data migration partner, the integration workflow typically looks like this:

  1. Provisioning: IT issues the vendor a service account or API key with the permissions required to perform their contracted function — read/write to billing records, access imaging data, pull patient demographics for migration.
  2. Activation: The vendor uses the credential to set up their integration. It works. The project goes live.
  3. Ongoing operations: The credential lives in the vendor's infrastructure. No one at the healthcare organization monitors it. No behavioral baseline is established. No anomaly threshold is set. The token becomes invisible — even to the healthcare org's own IT team.
  4. Breach: An attacker compromises the vendor. They find the credential in the vendor's environment — in a repository, in an environment variable, in a secrets manager with weak access controls. They use it. It authenticates. It works exactly as intended.
  5. Discovery: The healthcare organization discovers the breach months later, in the case of RAR more than eight months later, when a forensic firm completes its investigation.

HIPAA's Business Associate Agreement (BAA) framework requires vendors to protect PHI. But a BAA is a contractual obligation, not a runtime control. It does nothing to monitor whether the vendor's integration token is being used by the vendor — or by someone who stole it from the vendor's infrastructure.

The gap is structural: HIPAA governs data custody. The Security Rule does require audit controls and periodic review of information system activity, but it specifies no behavioral baseline for a credential and no automated response when one is violated. It was never designed to govern non-human identity behavior at runtime.

NYC Health + Hospitals — The Largest Healthcare NHI Breach of 2026
1.8 million individuals · Third-party vendor · Nov 2025–Feb 2026 dwell time

NYC Health + Hospitals — the largest public hospital system in the United States — disclosed that an unauthorized actor had access to parts of its network from late November 2025 through February 2, 2026, via a third-party vendor compromise. The data exposed included medical records, government-issued IDs, geolocation data, and fingerprint and palm-print biometrics — 1.8 million individuals total.

The dwell time (approximately 75 days) and the scope (biometric data) make this the most severe healthcare NHI breach of 2026. The disclosure ties the access to the vendor compromise, so the attacker's path ran through whatever that vendor was trusted with, most plausibly its integration credentials, and the foothold lasted over two months before detection.

How RuntimeAI's Identity + Zero-Trust + Defence-in-Depth Platform Closes the NHI Gap in Healthcare

RuntimeAI's Identity + Zero-Trust + Defence-in-Depth platform was built specifically for the governance layer that HIPAA, BAAs, and perimeter security don't cover: the runtime behavior of non-human identities — the service accounts, API keys, OAuth tokens, and pipeline credentials that third-party vendors use to access your data systems.

KYA (Know Your Agent) — NHI Inventory and Behavioral Baseline
Discovery · Inventory · Behavioral baselining at provisioning

KYA catalogs every non-human identity in your environment — every service account, API key, OAuth token, and pipeline credential that vendors, integrations, and AI agents use to access your systems. This includes vendor-issued credentials you may not have known existed.

At provisioning, KYA establishes a behavioral baseline: what endpoints this NHI accesses, what query volumes are normal, what data types it touches, what times of day it's active. Any deviation — a billing vendor credential suddenly querying oncology records, a migration tool accessing data after the migration project closed, a radiology platform token logging in from an IP outside the vendor's ASN — triggers an anomaly alert in real time.

In the Oncology Institute, RAR, and DocketWise breaches, the attacker presented credentials that authenticated exactly as the vendor's own would. A valid token tells you nothing; the behavior behind it does. The query volume escalation and the change in source infrastructure that typically separate a vendor's traffic from an attacker's are exactly the deviations KYA's behavioral baseline is built to flag.

PII Shield — PHI Protection at the AI Integration Boundary
HIPAA compliance enforced at the moment of data access

When AI agents and third-party integrations access healthcare data, PII Shield intercepts and redacts PHI at the integration boundary, inline, before data reaches the vendor's system. A compromised integration credential then retrieves data that has already been de-identified, tokenized, or redacted under HIPAA's Safe Harbor or Expert Determination methods rather than raw PHI. Where a vendor's function genuinely needs an identifier, it receives a vault token in the same format instead of the raw value, so the pipeline keeps working while the vendor's copy of the data is not directly identifying on its own.

PII Shield integrates with RuntimeAI's AI Integration Fabric — the governed layer through which all vendor and agent access flows. Every API call, every data pull, every migration pipeline runs through a policy-enforced channel that applies PHI protection rules automatically, without requiring the vendor to change their integration code.
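
As an added illustration of what a boundary filter does (example code written for this page, not RuntimeAI's PII Shield or PQ TokenVault implementation), the block below applies a per-vendor field policy to a constructed billing record: fields the vendor needs pass through, dates keep only the year, identifiers the vendor needs for matching become format-preserving tokens derived with a keyed hash, and every field not named in the policy is redacted by default. The key, the record, the policy, and all field names are assumptions.

```python
"""PHI filtering at an integration boundary: redact what the vendor does not
need, tokenize identifiers it does need in a format-preserving way.

Added example, not RuntimeAI's PII Shield or PQ TokenVault code. The key,
the patient record, and the per-field policy are constructed for illustration.
"""
import hashlib
import hmac

# Illustrative key only. A real deployment keeps it in a KMS or HSM and never
# lets the vendor, whose token this filter protects against, reach it.
TOKEN_KEY = bytes.fromhex("8f1c2a5e9b7d4c3a6e0f1b2d3c4a5e6f" * 2)


class Vault:
    """Deterministic, format-preserving tokens with a lookup table back to the
    original. The token is a keyed hash, so holding tokens without the key and
    the vault yields nothing about the patient."""

    def __init__(self, key):
        self.key = key
        self.by_token = {}

    def tokenize(self, value):
        n_digits = sum(c.isdigit() for c in value)
        if n_digits == 0:
            raise ValueError("tokenize expects an identifier containing digits")
        salt = 0
        while True:
            mac = hmac.new(self.key, f"{value}|{salt}".encode(), hashlib.sha256).digest()
            n = int.from_bytes(mac[:8], "big") % 10 ** n_digits
            replacement = iter(f"{n:0{n_digits}d}")
            # Keep letters and separators in place; swap only the digits.
            token = "".join(next(replacement) if c.isdigit() else c for c in value)
            prior = self.by_token.get(token)
            if prior is None:
                self.by_token[token] = value
                return token
            if prior == value:
                return token
            salt += 1  # collision with a different original: derive again

    def detokenize(self, token):
        return self.by_token[token]


# Per-field handling for one vendor integration. Fields not listed are
# redacted, so a new upstream column never leaks by default.
BILLING_VENDOR_POLICY = {
    "claim_id": "keep",
    "cpt_code": "keep",
    "claim_amount": "keep",
    "dob": "year_only",       # Safe Harbor: date elements other than year are removed
    "ssn": "tokenize",
    "insurance_id": "tokenize",
}


def filter_record(record, policy, vault):
    """Apply the field policy to one record before it crosses the boundary."""
    out = {}
    for name, value in record.items():
        action = policy.get(name, "redact")
        if action == "keep":
            out[name] = value
        elif action == "tokenize":
            out[name] = vault.tokenize(value)
        elif action == "year_only":
            out[name] = value[:4]          # ISO-8601 date: keep YYYY only
        else:
            out[name] = "[REDACTED]"
    return out


# Constructed record; not real patient data.
SAMPLE_RECORD = {
    "claim_id": "CLM-2026-000481",
    "patient_name": "Jane Q. Sample",
    "ssn": "123-45-6789",
    "insurance_id": "ABC-998877",
    "dob": "1961-07-14",
    "cpt_code": "71046",
    "claim_amount": "412.50",
    "clinical_note": "Two-view chest radiograph, no acute findings.",
}


def filter_sample(vault=None):
    """Filter the constructed record; returns (filtered record, vault)."""
    vault = vault or Vault(TOKEN_KEY)
    return filter_record(SAMPLE_RECORD, BILLING_VENDOR_POLICY, vault), vault


if __name__ == "__main__":
    filtered, vault = filter_sample()
    for k, v in filtered.items():
        print(f"{k:14} {v}")
    print("detokenized ssn:", vault.detokenize(filtered["ssn"]))
```

Two design points matter more than the code. The token is deterministic, so the vendor can still match records across batches, but it is only reversible through the vault, which stays on your side of the boundary along with the key. And the default action is redaction, not pass-through: a column the policy has never seen, such as the clinical note above, is blocked rather than shipped.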

Audit Black Box — HIPAA Audit Trail That Survives Vendor Breach
Tamper-evident · Immutable · Cryptographically signed

HIPAA requires covered entities and business associates to maintain access logs for PHI and to review them. The problem: when a vendor is breached, its logs are often the first thing attackers destroy or corrupt. A notification delay as long as DocketWise's five months is what a forensic investigation that has to reconstruct an attack from degraded or incomplete vendor logs tends to produce, whatever the cause turns out to be in this case.

RuntimeAI's Audit Black Box records every NHI action, every API call, every data access, every query, in a tamper-evident, cryptographically signed log that lives in your environment, not the vendor's. When the vendor is breached and its logs are gone, your Audit Black Box still has the complete forensic record. When OCR requests your HIPAA audit evidence, the answer is days, not months.

Policy Engine — Scoped Third-Party Access with Real-Time Enforcement
Least privilege · Scope-bounded · Policy-as-Code via OPA/Rego

HIPAA's minimum necessary standard requires that vendor access be limited to only the PHI needed for the contracted function. In practice, this principle is enforced at provisioning — through contract and BAA — but not at runtime. A billing vendor provisioned to access billing records can, in practice, query patient demographics, clinical notes, and imaging results if the underlying permissions allow it.

RuntimeAI's Policy Engine enforces minimum necessary at runtime, not just at provisioning. Policies written in Rego (OPA) define exactly what data types a given vendor NHI can access, under what conditions, at what volumes, and during what time windows. If a billing vendor credential attempts to query clinical records — even with a valid token — the Policy Engine rejects the request and logs the violation.
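
The decision the paragraph describes, as an added example (not RuntimeAI's Policy Engine, whose policies are Rego evaluated by OPA; the same checks are written here in Python so the block runs stand-alone): each vendor NHI is bound to a data-type scope, a time window, a per-call row limit, an hourly volume cap, and optionally a project end date, and a request with a perfectly valid token is rejected and logged when it steps outside any of them. The token ids, resource names, limits, and requests are constructed assumptions.

```python
"""Runtime minimum-necessary enforcement for vendor tokens: scope, time
window, per-call and per-hour volume, and a project end date.

Added example, not RuntimeAI's Policy Engine. RuntimeAI's engine evaluates
Rego policies in OPA; the same decision logic is written here in Python so
the block runs stand-alone. Token ids, resource names and limits are
constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Request:
    ts: datetime      # UTC
    token_id: str     # the NHI presenting a valid credential
    resource: str     # data type being read, e.g. "billing.claims"
    rows: int         # rows the call would return


# Policy as data: the minimum necessary for each vendor NHI.
POLICIES = {
    "tok-billing-7f3a": {
        "resources": {"billing.claims", "billing.invoices", "patient.demographics"},
        "hours_utc": range(6, 20),
        "max_rows_per_call": 500,
        "max_rows_per_hour": 5000,
    },
    "tok-migrate-c21e": {
        "resources": {"imaging.studies", "patient.demographics"},
        "hours_utc": range(0, 24),
        "max_rows_per_call": 10_000,
        "max_rows_per_hour": 50_000,
        "expires": datetime(2026, 3, 31, 23, 59),   # migration project end date
    },
}


class PolicyEngine:
    def __init__(self, policies):
        self.policies = policies
        self.hourly = defaultdict(int)   # (token, YYYY-MM-DD-HH) -> rows served
        self.violations = []             # what the audit trail receives

    def decide(self, req):
        pol = self.policies.get(req.token_id)
        if pol is None:
            return self._deny(req, ["no policy bound to this credential"])
        reasons = []
        expires = pol.get("expires")
        if expires is not None and req.ts > expires:
            reasons.append(f"credential expired {expires:%Y-%m-%d}: project window closed")
        if req.resource not in pol["resources"]:
            reasons.append(f"{req.resource} is outside scope {sorted(pol['resources'])}")
        if req.ts.hour not in pol["hours_utc"]:
            reasons.append(f"{req.ts:%H:%M} UTC is outside the allowed window")
        if req.rows > pol["max_rows_per_call"]:
            reasons.append(f"{req.rows} rows exceeds per-call limit {pol['max_rows_per_call']}")
        bucket = (req.token_id, req.ts.strftime("%Y-%m-%d-%H"))
        if self.hourly[bucket] + req.rows > pol["max_rows_per_hour"]:
            reasons.append(f"hourly cap {pol['max_rows_per_hour']} would be exceeded")
        if reasons:
            return self._deny(req, reasons)
        self.hourly[bucket] += req.rows     # count only what was actually served
        return {"allow": True, "reasons": []}

    def _deny(self, req, reasons):
        self.violations.append({"token": req.token_id, "ts": req.ts.isoformat(),
                                "resource": req.resource, "reasons": reasons})
        return {"allow": False, "reasons": reasons}


# Constructed requests: an in-scope billing read, the same token reaching for
# clinical notes, and a migration token still active after its project ended.
SAMPLE_REQUESTS = [
    Request(datetime(2026, 5, 4, 10, 0), "tok-billing-7f3a", "billing.claims", 200),
    Request(datetime(2026, 5, 4, 10, 5), "tok-billing-7f3a", "clinical.notes", 50),
    Request(datetime(2026, 5, 4, 2, 0), "tok-migrate-c21e", "imaging.studies", 3000),
]


def run_samples():
    """Decide each constructed request with a fresh engine."""
    engine = PolicyEngine(POLICIES)
    return [engine.decide(r) for r in SAMPLE_REQUESTS]


def hourly_cap_demo(calls=11, rows=480):
    """Each call is within the per-call limit; the hourly cap still closes the
    door on the eleventh. Returns how many calls were allowed."""
    engine = PolicyEngine(POLICIES)
    allowed = 0
    for minute in range(calls):
        req = Request(datetime(2026, 5, 4, 11, minute), "tok-billing-7f3a", "billing.claims", rows)
        allowed += engine.decide(req)["allow"]
    return allowed


if __name__ == "__main__":
    for req, d in zip(SAMPLE_REQUESTS, run_samples()):
        print(req.token_id, req.resource, "ALLOW" if d["allow"] else "DENY", d["reasons"])
    print("calls allowed under hourly cap:", hourly_cap_demo())
```

The hourly cap is the check a scope-only policy misses: a billing token reading billing records 480 rows at a time is within scope and within the per-call limit on every request, and still gets cut off once the hour's total crosses the cap. The expiry check is what closes a migration token after the project it was issued for ends.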

⚡ Kill Switch — Acting During the Breach, Not After the HIPAA Fine

  • L1, continuous NHI behavioral monitoring: every vendor integration token and third-party service account is monitored against its behavioral baseline in real time. Query volume spikes, off-hours access, source IP changes, and scope violations are flagged the moment they occur, not 75 days later.
  • L2, human-in-the-loop notification: when L1 flags a high-confidence anomaly on a healthcare NHI, your security team is notified immediately with full context: which vendor credential, what data it was accessing, what the behavioral deviation was, and what the recommended response is.
  • L3, policy-driven kill action mid-exfiltration: for high-severity violations, L3 executes a kill action in real time, revoking the compromised vendor credential, terminating the active session, and isolating the affected integration. Before the next batch of patient records moves. During the breach, not after the 60-day HIPAA notification window has already started.

A HIPAA fine averages $1.2M. A HIPAA breach notification costs $125–$500 per patient. RuntimeAI Kill Switch stops the data movement before either clock starts.

The HIPAA Gap Won't Close Itself

HIPAA's Breach Notification Rule starts a 60-day clock from the date of discovery. RAR took more than eight months to complete its investigation. DocketWise took five months to send notifications. Both face potential OCR enforcement actions and class action litigation.

But the more fundamental problem isn't the notification timeline. It's that these organizations had no runtime visibility into what their third-party integration tokens were doing. They learned about the breach from a forensic firm, not from their own systems. That's the governance gap: HIPAA requires you to keep audit logs, review them, and report a breach; it does not require you to detect one in real time.

RuntimeAI's Identity + Zero-Trust + Defence-in-Depth platform is the runtime governance layer that closes the gap. Security, control, and HIPAA audit trail — enforced at every NHI, every integration boundary, every data access point. Independent of whether your perimeter held, independent of whether your vendor's infrastructure was compromised, and independent of whether the attacker was using a perfectly valid credential to do it.

What RuntimeAI governs at the healthcare NHI layer

  • KYA — complete NHI inventory: every vendor token, service account, and integration credential cataloged with behavioral baseline at provisioning
  • PII Shield — PHI redacted and tokenized at the AI integration boundary; HIPAA Safe Harbor enforced in real time before data leaves your environment
  • Audit Black Box — tamper-proof HIPAA audit trail in your environment, not the vendor's; forensic record that survives vendor breach and log destruction
  • Policy Engine — minimum necessary enforced at runtime via OPA/Rego; scope-bounded vendor access that holds even when the vendor's infrastructure is compromised
  • Kill Switch — L1 behavioral monitor → L2 human notification → L3 real-time credential revocation and session kill, mid-exfiltration
  • PQ TokenVault — format-preserving tokenization for SSNs, insurance IDs, and PHI; HIPAA compliant de-identification without re-engineering data pipelines

Close the NHI Gap in Your Healthcare Security Stack

KYA, PII Shield, Audit Black Box, and Kill Switch — HIPAA-aligned runtime governance for every vendor integration token and third-party NHI.

Visit www.runtimeai.io/trial