US healthcare AI platform Xsolis confirms data breach affecting 1.4 million people

Xsolis confirmed a phishing breach on January 22, 2026, exposing the data of 1.39 million people.
Stolen information includes names, addresses, dates of birth, social security numbers, health insurance and medical treatment details; no ransom demands or leaks on the dark web yet
Customers received free credit monitoring and identity theft protection, with warnings to watch for phishing and fraud attempts.

Health technology company Xsolis has revealed a cyberattack in which it lost sensitive data on nearly 1.4 million customers.

Xsolis is a company that uses AI to help healthcare organizations make faster, more consistent decisions about patient care and utilization management. Earlier this week, it posted a data breach notification on its website, claiming to have spotted the intrusion on January 22, 2026.

Apparently, after a successful phishing attack against one of its employees two days earlier, the attackers were able to access a “limited portion” of the Xsolis environment, from which they were able to exfiltrate names, addresses, dates of birth, health insurance information, social security numbers, and medical treatment information.

Nearly 1.4 million victims

This level of information is more than sufficient to target these individuals with phishing or even steal their identities for more disruptive attacks elsewhere.

In a filing with the U.S. Department of Health and Human Services, Xsolis confirmed that 1,396,519 people were affected by this breach.

“We have taken steps to address the incident and are committed to protecting the information entrusted to us,” Xsolis said in the statement. “Upon learning of this incident, we immediately began an investigation and reported the incident to law enforcement. We have also implemented additional safeguards to further strengthen the security of the information in our possession and to help prevent similar incidents from occurring in the future.”

So far, there is no evidence that the data is used in subsequent attacks or offered on the dark web. No malicious actor has yet claimed responsibility for the attack, and no one has yet demanded a ransom in exchange for the files.

Xsolis has asked its customers to be wary of incoming messages, especially those that claim to be from the company or use it in any other context. Customers also benefit from free credit monitoring and identity theft protection services, as well as fraud alerts and credit freezes.