healthcare · BleepingComputer
Healthcare technology company Xsolis disclosed a data breach affecting approximately 1.4 million individuals. The company detected unauthorized network activity on January 22, 2026, resulting from a targeted phishing attack that occurred two days earlier. The breach exposed sensitive personal and medical information, including names, addresses, dates of birth, Social Security numbers, health insurance information, and medical treatment details. Xsolis provides AI-powered software to over 600 hospitals and health insurers for utilization management and reimbursement decisions. The company reports it contained the activity immediately, engaged external cybersecurity experts, and notified affected individuals. Xsolis has implemented additional security measures including password resets, enhanced system monitoring, and accelerated employee security training.
Healthcare providers and payers using Xsolis or similar third-party platforms should assess how patient data flows through vendor environments and verify contractual requirements for breach notification timelines and incident response procedures. For HIPAA-covered entities, this incident underscores the importance of validating that business associates have reasonable and appropriate safeguards in place, particularly around phishing resilience and access controls for sensitive health information. Organizations in regulated healthcare sectors should review their vendor risk management programs to ensure breach detection and containment capabilities are contractually defined and regularly audited. An Omniware engagement can scope vendor assessment frameworks and incident response readiness in detail.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/healthtech-firm-xolis-suffers-data-breach-impacting-14-million-people/
Source: BleepingComputer
All briefings