Xsolis Data Breach Hits 1.4 Million People As Healthcare Vendor Reports Patient Data Exposure

Xsolis Data Breach Hits 1.4 Million People

According to the latest reports we found, the Xsolis data breach affected 1,396,519 individuals. That figure makes it one of the larger healthcare-related data breaches disclosed in 2026 so far.

Xsolis first announced the incident in early June, saying it had found unauthorized activity in a limited part of its environment. The company said the incident came from a targeted phishing attack that began on January 20, 2026, and was detected on January 22.

The company said it interrupted and contained the activity, ended the unauthorized access, isolated affected hosts and user accounts, and brought in outside cybersecurity experts. Xsolis also said it notified law enforcement.

| Data Breach Detail | Latest Information |
| --- | --- |
| Company | Xsolis, Inc. |
| Industry | Healthcare technology and utilization management |
| People affected | 1,396,519 |
| Attack type | Targeted phishing attack |
| Attack date | January 20, 2026 |
| Detection date | January 22, 2026 |
| Possible data involved | Name, address, date of birth, health insurance information, Social Security number and medical treatment information |
| Misuse reported by company | Xsolis said it was not aware of actual or attempted misuse as of its notice |

What Xsolis Says Happened

In its public notice, Xsolis said an unauthorized actor gained access to part of its environment and acquired a limited number of files during the period of unauthorized access.

The company said the files contained information it had received from clients. That point matters because the affected people may not have had a direct relationship with Xsolis. A patient may have visited a hospital or health system, while Xsolis handled data behind the scenes as a third-party vendor.

Xsolis said no unauthorized activity had been seen in its environment since January 22. It also said it reviewed security protocols and added measures meant to improve data and network security.

Protected health information can include medical details tied to a person, such as treatment information, health insurance information, identifiers and other data connected to care or payment. When that information appears together with names, dates of birth, addresses or Social Security numbers, affected people can face more risk than they would from a simple contact-information leak.

We have covered the wider risk behind healthcare systems and vendor security in our report on hospital cybersecurity and health IT investment. The Xsolis incident shows why third-party vendors now sit at the center of healthcare cyber risk.

Mayo Clinic Says Some Patient Information May Have Been Affected

Mayo Clinic said some patient information may have been affected by the Xsolis incident, according to ABC 6 News.

Mayo said it learned on April 23 that some patient information may have been affected by the third-party vendor incident. The health system said the incident was not specific to Mayo Clinic and involved information maintained by Xsolis for multiple customers.

Xsolis is notifying affected patients directly. That means people should not assume they are affected only because they received care from Mayo Clinic or another Xsolis customer. The most important sign is an official notice letter from Xsolis or a healthcare organization connected to the affected records.

What Information May Have Been Exposed?

The exposed data varies by person. Xsolis said the files may include several categories of information, depending on the individual.

  • Name
  • Address
  • Date of birth
  • Health insurance information
  • Social Security number
  • Medical treatment information

That list is serious because it can support more than one type of fraud. A Social Security number can be used in identity theft. Health insurance information can be used in medical fraud. Medical treatment information can expose private health details that cannot be replaced like a password or credit card.

Who Might Be Affected?

The people most likely to be affected are patients or health plan members whose information was handled by Xsolis for one of its healthcare clients.

Affected people may include current or former patients of healthcare organizations that used Xsolis systems or services. They may also include health plan members whose information was sent to Xsolis for utilization management, case review, revenue cycle work or related healthcare operations.

The safest way to know is not to guess based on a hospital name. People should watch for a mailed notice from Xsolis or from a healthcare organization connected to the incident. The notice should explain what kind of information was involved for that person and how to enroll in offered monitoring services.

Why A Third-Party Data Breach Can Affect Hospital Patients

Hospitals and insurers do not handle every part of healthcare operations alone. They work with vendors for billing, claims review, utilization management, analytics, scheduling, software and administrative support.

That vendor network helps healthcare organizations run faster, but it also creates risk. A patient may trust a hospital with information, while a third-party company later stores, reviews or processes part of that data.

We previously explained this problem in our report on how healthcare providers protect patient data.

What Affected People Should Do Now

Anyone who receives a notice tied to the Xsolis data breach should read it carefully and keep it. The letter should say what data may have been involved and whether the person is eligible for free identity monitoring.

Xsolis said it is offering complimentary identity monitoring services to people who receive a notice letter. The services include credit monitoring, fraud consultation and identity theft restoration.

People who may be affected should also review health insurance statements, explanation of benefits notices, bank statements and credit reports. Medical identity theft can show up as unfamiliar services, bills, claims or insurance activity.

Steps To Take After The Data Breach

  • Read the notice letter and check which information may have been involved.
  • Enroll in the free monitoring service if the notice offers it.
  • Review credit reports for new accounts or unfamiliar activity.
  • Check health insurance statements for services or claims you do not recognize.
  • Watch for phishing calls, texts or emails that mention the breach.
  • Place a fraud alert or credit freeze if a Social Security number was involved.
  • Keep copies of letters, emails and suspicious activity reports.

Phishing Remains A Healthcare Security Problem


Xsolis described the incident as a targeted phishing attack. Phishing remains one of the most common ways attackers gain access to company systems because it targets people rather than only software flaws.

A phishing email can trick an employee into entering login credentials, approving a fake request or opening a malicious attachment. Once attackers gain access, they can search for files, move through systems or copy data.

SecurityWeek reported that no known ransomware group had publicly claimed responsibility for the Xsolis incident at the time of its report. That detail matters because some healthcare data breaches involve extortion groups that publish stolen data. Xsolis said it was not aware of actual or attempted misuse of information as a result of the incident.

Medical Data Is More Sensitive Than A Basic Account Leak

A stolen password can be changed. A payment card can be replaced. Medical history, Social Security numbers and dates of birth are different.

Health data can reveal diagnoses, treatments, insurance relationships and other private details. Criminals can also combine medical data with Social Security numbers and addresses to create more convincing scams.

That is why healthcare data breaches draw regulatory scrutiny. The HHS Office for Civil Rights maintains a public breach portal for health information incidents affecting 500 or more people, and its page explains the federal reporting framework for breaches of unsecured protected health information.

Law Firms Are Already Reviewing The Incident

Law firms have begun investigating possible claims tied to the Xsolis incident. Edelson Lechtzin LLP announced an investigation into the exposure of personal information after the company disclosed the breach, according to a PR Newswire notice carried by Morningstar.

Those investigations do not prove wrongdoing beyond what has been publicly disclosed. They show that attorneys are looking at whether affected people have claims related to notice timing, security practices, risk of identity theft or exposure of sensitive health information.

People who receive a breach notice should keep it because it may become important for identity monitoring, insurance follow-up or any future legal process.

Healthcare Cybersecurity Pressure Keeps Rising

The Xsolis breach arrives as healthcare organizations face more pressure to secure patient data, vendor access and third-party platforms. Hospitals and health insurers depend on software companies for daily operations, which makes vendor security part of patient privacy.

We have covered the regulatory side in our report on the HIPAA Security Rule overhaul. Healthcare organizations are being pushed toward more documented risk analysis, better technical safeguards and clearer incident response planning.

The Xsolis case also shows why AI-linked healthcare tools and analytics platforms carry special risk. When software is used to support care review, billing or utilization management, it may handle large volumes of patient data from several healthcare customers at once.

How To Avoid Scams After A Data Breach

Large data breaches often trigger follow-up scams. Criminals may call or email people while pretending to be the company, a hospital, an insurer, a government office or a credit-monitoring service.

People should avoid clicking links in unexpected messages and should verify any phone number or website through the official breach letter. Scammers can use stolen details to sound convincing, especially if they know a person had care through a specific health system.

We have covered similar warning signs in our guide to fake federal agency texts and emails. The same habit applies here: do not trust a link, caller ID or urgent message just because it includes personal details.

FAQs

How many people are affected by the Xsolis data breach?

The latest reported figure is 1,396,519 affected individuals. That number comes from the federal healthcare breach listing reported by SecurityWeek.

Is the Xsolis data breach related to healthcare?

Yes. Xsolis is a healthcare technology vendor that works with hospitals, health systems and payers. The exposed files may include protected health information and personal information.

What information may have been exposed?

The information varies by person, but may include name, address, date of birth, health insurance information, Social Security number and medical treatment information.

Was Mayo Clinic affected?

Mayo Clinic said some patient information may have been affected by the third-party vendor incident involving Xsolis. Mayo also said the incident was not specific to Mayo Clinic and involved information maintained by Xsolis for multiple customers.

What caused the Xsolis data breach?

Xsolis said the incident resulted from a targeted phishing attack on January 20, 2026. The company said it detected unauthorized activity on January 22 and contained it.

Has the stolen information been misused?

Xsolis said it was not aware of actual or attempted misuse of information as of its notice. That does not remove future risk, so affected people should still monitor credit reports, health insurance statements and suspicious messages.

What should affected people do first?

Read the notice letter, check what information may have been involved, enroll in offered monitoring services and review credit reports and health insurance statements for unfamiliar activity.

Can someone be affected without knowing Xsolis?

Yes. Xsolis works as a vendor for healthcare organizations. A patient or health plan member may be affected even without having a direct relationship with Xsolis.

Bottom Line

The Xsolis data breach affects 1,396,519 people and is tied to healthcare data handled for hospitals, health systems and payers.

The possible exposed data includes information that can create long-term privacy and fraud risk, including Social Security numbers, health insurance information and medical treatment information.

People who receive a notice should treat it seriously, enroll in offered monitoring, review health insurance and credit records, and watch for scams that try to use the breach as bait.