US healthcare AI platform Xsolis confirms data breach affecting 1.4 million people

Xsolis confirmed a phishing-enabled breach on January 22, 2026, exposing data of 1.39 million people
The stolen information includes names, addresses, date of birth, social security number, health insurance and medical treatment details; no ransom demands or dark web leaks yet
Customers were offered free credit monitoring and identity theft protection, with warnings to watch out for phishing and fraud attempts.

Healthcare technology company Xsolis revealed a cyberattack in which it lost sensitive data of nearly 1.4 million customers.

Xsolis is a company that uses AI to help healthcare organizations make faster, more consistent decisions about patient care and utilization management. Earlier this week, it posted a data breach notification on its website, saying it detected the intrusion on January 22, 2026.

Apparently, after a successful phishing attack on one of their employees two days earlier, the attackers were able to access a “limited portion” of the Xsolis environment, from which they were able to extract people’s names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information.

Almost 1.4 million victims

This level of information is more than enough to attack these people with phishing or even steal their identity to carry out more disruptive attacks elsewhere.

In a filing with the US Department of Health and Human Services, Xsolis confirmed that 1,396,519 people were affected by this breach.

“We have taken steps to address the incident and are committed to protecting the information entrusted to us,” Xsolis said in the announcement. “Upon learning of this incident, we immediately began an investigation and reported the incident to authorities. We also implemented additional safeguards to further improve the security of the information in our possession and help prevent similar incidents from occurring in the future.”

So far, there is no evidence that the data was used in subsequent attacks or offered on the dark web. No threat actors have yet claimed responsibility for the attack and no one has yet demanded a ransom in exchange for the files.

Xsolis asked its customers to be careful with incoming messages, especially those purporting to be from the company or used in any other context. Customers are also offered free credit monitoring and identity theft protection services, as well as fraud alerts and credit freezes.