Phishing attack on healthcare firm Xsolis impacts 1.4 million people

Healthcare technology company Xsolis confirmed that a phishing attack resulted in unauthorized access to its network.

The company develops AI-powered software for hospitals, health systems, and health plans and serves more than 600 hospitals and health insurers.

“On January 22, 2026, Xsolis became aware of unauthorized activity impacting a limited portion of the Xsolis environment resulting from a targeted phishing attack on January 20, 2026,” Xsolis said.

Xsolis said it took immediate action to contain the incident and launched an investigation with the assistance of external cybersecurity experts.

The investigation determined that attackers acquired certain files containing information that, depending on the individual, may include names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information.

According to data submitted to the U.S. Department of Health and Human Services, the incident impacted 1,396,519 individuals.

Xsolis also noted that it reported the incident to law enforcement, implemented additional security measures, and is notifying potentially affected individuals by mail.

“We have also established a toll-free call center to answer questions about the incident, provide access to free credit monitoring and identity protection services for eligible potentially affected individuals, and address related concerns,” they stated.

Despite describing the incident as limited, the company is urging those affected to remain vigilant against identity theft and fraud.

At the time of writing, no threat actor had publicly claimed responsibility for the incident.

Xsolis is the third healthcare technology company to disclose a cyber incident in less than a month, following breaches at iRhythm Technologies and Novo Nordisk.