US healthcare AI platform Xsolis confirms data breach that affects 1.4 million individuals

• Xsolis confirmed a phishing‑enabled breach on Jan 22, 2026, exposing data of 1.39M individuals
• Stolen info includes names, addresses, DOBs, SSNs, health insurance, and medical treatment details; no ransom demands or dark web leaks yet
• Customers offered free credit monitoring and identity theft protection, with warnings to watch for phishing and fraud attempts

Healthcare technology company Xsolis disclosed a cyberattack in which it lost sensitive data on almost 1.4 million customers.

Xsolis is a company that uses AI to help healthcare organizations make faster and more consistent decisions about patient care and utilization management. Earlier this week, it published a data breach notification on its website, saying that it spotted the intrusion on January 22, 2026.

Apparently, after a successful phishing attack on one of its employees two days earlier, the attackers were able to access a “limited portion” of the Xsolis environment, from which they were able to exfiltrate people’s names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information.

Almost 1.4 million victims

This level of information is more than enough information to target these individuals with phishing or even steal their identity for more disruptive attacks elsewhere.

In a filing with the US Department of Health and Human Services, Xsolis confirmed that 1,396,519 individuals were affected by this breach.

“We have taken steps to address the incident and are committed to protecting the information entrusted to us,” Xsolis said in the announcement. “Upon learning of this incident, we immediately began an investigation and reported the incident to law enforcement. We also implemented additional safeguards to further enhance the security of information in our possession and to help prevent similar incidents from occurring in the future.”

So far, there is no evidence of the data being used in follow-up attacks, or being offered on the dark web. No threat actors have yet claimed responsibility for the attack, and no one has yet demanded ransom in exchange for the files.

Xsolis told its customers to be wary of incoming messages, especially those pretending to be from the company, or using it in any other context. Customers are also offered free credit monitoring and identity theft protection services, as well as fraud alerts and credit freezes.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.