Xsolis Confirms Data Breach Exposing 1.4 Million Records

Healthcare technology company Xsolis confirmed a data breach affecting nearly 1.4 million individuals after attackers gained access to its network through a targeted phishing attack. The incident exposed a broad range of sensitive personal and medical information, raising serious concerns for patients and healthcare providers whose data the company held.

What Happened in the Xsolis Data Breach

The attack began on January 20, 2026, when threat actors used phishing to compromise Xsolis systems. The company detected the unauthorized activity two days later and moved quickly to contain it, bringing in external cybersecurity experts to support the investigation.

Xsolis operates across more than 600 hospitals and health insurers in the United States. Its AI-powered platform, Dragonfly, analyzes clinical data in real time to help providers and payers make decisions on patient care, medical necessity, utilization management, and insurance reimbursements. That role gives the company access to deep, sensitive records on a large number of patients.

What Data Was Exposed

Investigators found that attackers had accessed files containing a significant volume of customer information. The data exposed in the Xsolis data breach includes:

• Full names
• Home addresses
• Dates of birth
• Health insurance information
• Social Security numbers
• Medical treatment information

The combination of Social Security numbers and medical records makes this breach particularly serious. Victims face risks that go beyond standard identity theft. Medical identity fraud, where someone uses another person's insurance details to obtain care or file false claims, can take months or years to detect and cause lasting damage to a person's health records and financial standing.

Scale Confirmed by Federal Filing

According to data submitted to the U.S. Department of Health and Human Services, the Xsolis data breach affected 1,396,519 individuals. That figure places this incident among the more significant healthcare data breaches disclosed so far in 2026.

Xsolis has said it found no evidence that the exposed data has been misused. However, the company is urging affected individuals to remain alert. Stolen records from healthcare organisations tend to circulate on darkweb marketplaces, sometimes surfacing months after the initial breach.

How Xsolis Responded

After confirming the breach, Xsolis reported the incident to law enforcement and notified relevant authorities. On the technical side, the company reset passwords for all users and key accounts, increased system monitoring, and completed the rollout of updated security measures. Credential management processes were also strengthened.

Xsolis also accelerated its employee security training program, a direct response to the phishing vector that enabled the attack. Phishing remains one of the most effective ways attackers gain initial access to corporate networks. A single successful lure is often enough to open the door to sensitive systems.

Affected individuals are being notified by mail. Each notification includes instructions for enrolling in a 12-month identity monitoring and identity theft restoration service provided through Kroll. Where the affected individual is a minor, Xsolis is directing notifications to the child's parent or legal guardian.

Why Healthcare Remains a High-Value Target

The Xsolis breach is part of a persistent pattern in the healthcare sector. Medical records consistently attract strong demand on criminal marketplaces because they contain exactly the kind of information needed to commit fraud: names, birthdates, insurance numbers, and Social Security numbers, all in one place.

Healthcare technology firms occupy a particularly exposed position. They sit between providers, payers, and patients, often processing data across hundreds of institutions simultaneously. A single breach at a platform level can scale quickly, as this incident shows.

Phishing is the entry point in a growing share of healthcare breaches. Attackers invest time in crafting convincing lures that exploit the volume of clinical communications healthcare workers handle daily. Traditional security awareness training has not kept pace with the sophistication of modern phishing campaigns, and many organisations are now rethinking how they approach human-layer defences.

What Affected Individuals Should Do

Anyone who receives a notification letter from Xsolis should act on it without delay. Enrolling in the Kroll monitoring service is the first step. Beyond that, affected individuals should review their health insurance statements for any services they do not recognise, place a fraud alert or credit freeze with the major credit bureaus, and monitor their credit reports closely over the coming months.

Given the inclusion of Social Security numbers in the exposed data, a credit freeze is worth considering. It prevents new accounts from being opened in your name without your explicit authorisation and costs nothing under U.S. law.

The investigation is ongoing. If Xsolis identifies additional affected individuals or discovers evidence of misuse, further notifications are likely to follow.