US healthcare AI platform Xsolis confirms data breach affecting 1.4 million individuals

Xsolis confirmed a phishing-enabled breach on January 22, 2026, exposing the data of 1.39 million individuals
Stolen information includes names, addresses, DOBs, SSNs, health insurance and medical treatment details; no ransom demands or dark web leaks yet
Customers offered free credit monitoring and identity theft protection with warnings to watch out for phishing and fraud attempts

Health technology company Xsolis disclosed a cyber attack in which it lost sensitive data of nearly 1.4 million customers.

Xsolis is a company that uses artificial intelligence to help healthcare organizations make faster and more consistent decisions about patient care and utilization management. Earlier this week, it published a data breach notice on its website, saying it discovered the intrusion on January 22, 2026.

After a successful phishing attack on one of its employees two days earlier, the attackers were apparently able to gain access to a “limited portion” of the Xsolis environment, from which they were able to extract people’s names, addresses, dates of birth, health insurance information, social security numbers and medical treatment information.

Almost 1.4 million victims

This level of information is more than enough information to target these individuals with phishing or even steal their identity for more disruptive attacks elsewhere.

In a filing with the US Department of Health and Human Services, Xsolis confirmed that 1,396,519 people were affected by this breach.

“We have taken steps to address the incident and are committed to protecting the information entrusted to us,” Xsolis said in the announcement. “When we learned of this incident, we immediately began an investigation and reported the incident to law enforcement. We also implemented additional security measures to further improve the security of information in our possession and to help prevent similar incidents from occurring in the future.”

So far, there is no evidence that the data is being used in follow-up attacks or offered on the dark web. No threat actor has yet claimed responsibility for the attack, and no one has yet demanded a ransom in exchange for the files.

Xsolis told its customers to be wary of incoming messages, especially those pretending to be from the company, or using it in any other context. Customers are also offered free credit monitoring and identity theft protection, as well as fraud alerts and credit freezes.