Xsolis Data Breach Exposes PHI for 1.4 Million via Phishing
Healthcare technology firm Xsolis disclosed a data breach after a targeted phishing attack in January 2026 allowed unauthorized access to files containing personal and protected health information received from hospital and payer clients. The breach affects 1,396,519 individuals. No ransomware claim was reported and there is no known misuse of the data.
- personal-information
- protected-health-information
- ssn
- medical-records
A healthcare technology company called Xsolis has disclosed that a phishing attack in January 2026 allowed unauthorized access to files containing personal information and protected health information for 1,396,519 individuals.
According to public reporting, the breach occurred when attackers used targeted phishing to gain entry into Xsolis systems. The company, which works with hospitals and health payers, had received the sensitive files from its clients. The exposed data includes names, Social Security numbers, medical records, and other protected health information. SecurityWeek and BleepingComputer both reported that no ransomware group claimed responsibility and that Xsolis has found no evidence the information has been misused so far. The company notified affected individuals and regulatory authorities as required by law.
Want the rest of this breakdown?
Sign up free to keep reading. Members get extended access, the weekly breach digest, and a complimentary Warden™ to see if their identity is exposed in the breaches we cover.
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →