Healthcare technology company Xsolis says that sensitive data belonging to nearly 1.4 million individuals was compromised in a phishing attack that gave attackers access to its network.
Although the company is not aware of any attempted misuse of the exposed information, it is warning affected individuals to stay alert for potential targeted attacks.
Xsolis is a U.S.-based healthcare firm that develops AI-powered software used by more than 600 hospitals and health insurers for utilization management, medical necessity reviews, patient status determinations, discharge planning, and reimbursement decisions.
Its flagship platform, Dragonfly, analyzes clinical data in real time to help healthcare providers and payers make more informed, consistent decisions on patient care and insurance coverage.
On January 22, the company detected unauthorized activity on its network due to a “targeted phishing attack” that had occurred two days earlier.
Xsolis says that it took immediate action to contain the breach and launched an investigation with support from external cybersecurity experts.
“On January 22, 2026, Xsolis became aware of unauthorized activity impacting a limited portion of the Xsolis environment resulting from a targeted phishing attack on January 20, 2026,” Xolis says.
“We immediately contained the activity and launched an investigation with the assistance of external cybersecurity experts.”
The investigation found that the attackers had accessed certain files within the Xsolis environment containing customer information, including:
Names
Addresses
Dates of birth
Health insurance information
Social Security numbers
Medical treatment information
According to data passed to the U.S. Dept. of Health and Human Services, 1,396,519 people are impacted.
The company reported the incident to law enforcement, implemented additional security measures, and is notifying potentially affected individuals by mail.
A sample of the Xolis data breach notification states that the company reset passwords for all users and key accounts, increased system monitoring, and completed the rollout of updated security measures.
Additionally, the security training program for employees has been accelerated, and the mechanisms for managing credentials have been strengthened.
If the affected customer is a child, Xolis will send the data notification to their parents or legal guardians.
Recipients of the notifications will also find enclosed instructions on how to enroll in a 12-month identity monitoring and identity theft restoration service through Kroll.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
