Xsolis data breach exposes records of 1.4 million patients

Healthcare technology company Xsolis has disclosed a data breach that compromised sensitive information belonging to 1,396,519 individuals after attackers gained network access through a targeted phishing campaign.

Phishing attack breached Xsolis network in January 2026. The Tennessee-based firm detected unauthorized activity on January 22, 2026, resulting from a phishing attack that occurred on January 20. Xsolis immediately contained the incident and engaged external cybersecurity experts to investigate, according to its statement and filings with the U.S. Department of Health and Human Services reported by multiple outlets including Security Affairs, SecurityWeek, and TechRadar.

The company, which develops AI-powered software used by more than 600 hospitals and health insurers, confirmed the attackers accessed files containing customer and patient data. No evidence of attempted misuse has been identified, but Xsolis is warning affected individuals to monitor for potential targeted attacks such as phishing or identity theft.

Compromised data includes names, SSNs, and medical details. The exposed information encompasses names, addresses, dates of birth, health insurance details, Social Security numbers, and medical treatment information. These records relate to patients whose data was processed through Xsolis platforms, including its flagship Dragonfly software that analyzes clinical data in real time for utilization management, medical necessity reviews, patient status determinations, discharge planning, and reimbursement decisions.

Xsolis reported the breach to law enforcement and notified impacted individuals by mail. For cases involving children, notifications are sent to parents or legal guardians. The company has also offered affected people enrollment in a 12-month identity monitoring and identity theft restoration service provided by Kroll.

Post-breach security upgrades rolled out across the organization. In response, Xsolis reset passwords for all users and key accounts, increased system monitoring, and completed deployment of updated security measures. The firm accelerated its employee security training program and strengthened credential management mechanisms. The incident was added to the HHS breach tracker on June 22, 2026, prompting the current round of notifications.

Xsolis continues to emphasize vigilance among those affected while stating it has no indication the stolen data has been misused to date. The breach highlights ongoing risks to healthcare technology providers handling large volumes of protected health information.