Current Report Regarding Cybersecurity Incident

The Oncology Institute, Inc. (the “Company”) is providing an update on a previously disclosed cybersecurity incident affecting a software service provider (“Vendor”). On May 20, 2026, Kroll, the third-party administrator for the Vendor, notified the Company of unauthorized access to certain information systems, including those containing patient data. The Company believes other healthcare providers were also affected. The Company has implemented its technology security and continuity plan, and operations remain largely unaffected. The Company is committed to protecting patient information and will offer credit monitoring services to those impacted. While an ongoing investigation aims to assess the full impact on operations, financial systems, and patient care, the Company currently believes the incident has not had a material impact. The Company is reserving all rights against relevant third parties and service providers.