Xsolis Data Breach Affects 1.4 Million People

Xsolis Data Breach Affects 1.4 Million People 🚨

Xsolis has disclosed a significant data breach impacting 1.4 million individuals due to a phishing attack that exposed personal and health data from its hospital clients’ systems. The Tennessee-based healthcare tech company provides utilization management and revenue cycle solutions for healthcare providers. According to the US Department of Health and Human Services (HHS), the number of affected individuals is 1,396,519.

The company became aware of unauthorized access on January 22, 2026, following a phishing attack two days earlier. The security breach exposed personal and protected health information received from Xsolis’s hospital and payer clients.

“On January 22, 2026, Xsolis became aware of unauthorized activity impacting a limited portion of the Xsolis environment resulting from a targeted phishing attack on January 20, 2026. We immediately contained the activity and launched an investigation with the assistance of external cybersecurity experts.”

The investigation revealed that an unauthorized actor acquired certain files containing sensitive information, which may include names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment details. Fortunately, there are no known instances of actual or attempted misuse of the information due to this incident.

Xsolis has launched an investigation into the incident, reported it to law enforcement, and implemented additional security safeguards to prevent similar events in the future. They are notifying potentially affected individuals by mail, providing details of the breach along with guidance on how to protect their information, including access to free credit monitoring and identity protection services. A toll-free call center has also been established to assist affected individuals, answer questions, and support enrollment in protection services.

Individuals are advised to stay alert for identity theft and fraud by regularly reviewing credit reports, account statements, and explanations of benefits for suspicious activity or errors. Under U.S. law, they can obtain one free credit report annually from each major bureau: TransUnion, Experian, and Equifax. They may also place free fraud alerts on their credit files, with extended alerts available for identity theft victims for up to seven years. Alternatively, individuals can request a credit freeze at no cost, which restricts access to credit, loans, and services without explicit consent.

For more information, Read full article