Xsolis warns 1.4M after phishing breach exposes sensitive data

Xsolis phishing – U.S. healthcare AI firm Xsolis says a targeted phishing attack led to unauthorized access to files containing customer information for 1,396,519 people. The company says it has not seen misuse yet, but is notifying potentially affected individuals, resetting p

The message arrived quietly at first: on January 22, 2026, Xsolis discovered unauthorized activity on its network. The attack itself had happened two days earlier, through what the company calls a targeted phishing attempt.

For nearly 1.4 million people. that timing now marks the start of a difficult kind of uncertainty—one that comes after your data may be in the wrong hands. even if the misuse hasn’t shown up yet. Xsolis says it is not aware of any attempted misuse of the exposed information. Still, it is warning potentially affected individuals to stay alert for possible targeted attacks.

Xsolis is a U.S.-based healthcare firm that builds AI-powered software used by more than 600 hospitals and health insurers. Its tools support utilization management, medical necessity reviews, patient status determinations, discharge planning, and reimbursement decisions. At the center of that work is its flagship platform. Dragonfly. which analyzes clinical data in real time to help providers and payers make more informed. consistent decisions about patient care and insurance coverage.

In a statement. the company said: “On January 22. 2026. Xsolis became aware of unauthorized activity impacting a limited portion of the Xsolis environment resulting from a targeted phishing attack on January 20. 2026.” It added: “We immediately contained the activity and launched an investigation with the assistance of external cybersecurity experts.”.

That investigation found that the attackers accessed certain files in the Xsolis environment containing customer information, including names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information.

The scale is stark. According to data provided to the U.S. Department of Health and Human Services, 1,396,519 people are impacted.

Xsolis says it reported the incident to law enforcement. It also implemented additional security measures and began notifying potentially affected individuals by mail.

A sample of the breach notification describes steps the company took immediately after learning of the activity: it reset passwords for all users and key accounts, increased system monitoring, and completed the rollout of updated security measures.

Beyond the technical fixes, Xsolis says it accelerated a security training program for employees. It also strengthened mechanisms for managing credentials.

For families, the notice process carries an added layer. If the affected customer is a child, Xsolis says it will send the data notification to their parents or legal guardians.

Each recipient is told to enroll in a service provided through Kroll—specifically, a 12-month identity monitoring and identity theft restoration offering. The mail also includes instructions for how to take advantage of that support.

In the weeks ahead, the company’s next challenge won’t be limited to patching its environment. It will be helping people respond to the risk that phishing-driven access can follow them long after the breach is contained—especially when the accessed data includes identifiers like Social Security numbers and information tied to health insurance and medical treatment.

Xsolis data breach phishing attack healthcare AI Dragonfly utilization management identity monitoring Kroll Social Security numbers cybersecurity