Xsolis Data Breach Exposes 1.4 Million People's Sensitive Information

“On January 22, 2026, Xsolis became aware of unauthorized activity impacting a limited portion of the Xsolis environment resulting from a targeted phishing attack on January 20, 2026,” Xsolis says.

Xsolis investigation and timeline

Xsolis detected unauthorized activity on its network on January 22 after what the company describes as a “targeted phishing attack” two days earlier. The company says it immediately contained the activity and launched an investigation with the assistance of external cybersecurity experts. Xsolis also reported the incident to law enforcement and provided data on the scope of the compromise to the U.S. Department of Health and Human Services (HHS).

Scale and types of data accessed

According to the information Xsolis provided to HHS, 1,396,519 individuals had sensitive information contained in files accessed by the attackers. The company says the exposed records included names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information. Xsolis also said it is not aware of any attempted misuse of the exposed information but is warning affected individuals to remain alert for potential targeted attacks.

Dragonfly customers: more than 600 hospitals and health insurers

Xsolis is a U.S.-based healthcare technology firm whose AI-powered software is used by more than 600 hospitals and health insurers for utilization management, medical necessity reviews, patient status determinations, discharge planning, and reimbursement decisions. Its flagship platform, Dragonfly, analyzes clinical data in real time to help providers and payers make decisions on patient care and insurance coverage. The company did not say in the notice which customers or specific facilities were affected.

Xsolis’s technical and customer-facing response

A sample of Xsolis’s notification to affected people and customers lists a set of immediate and follow-up measures. The company reset passwords for all users and key accounts, increased system monitoring, and completed the rollout of updated security measures. Xsolis accelerated its employee security training program and says it strengthened mechanisms for managing credentials. The company is notifying potentially affected individuals by mail; if the affected individual is a child, the notice will be sent to parents or legal guardians. Recipients are offered enrollment in a 12-month identity monitoring and identity theft restoration service through Kroll.

What this means for patients, hospitals and health insurers, and regulators

  • Patients: Individuals whose information was contained in the accessed files should expect mailed notifications, can enroll in the 12-month Kroll monitoring and restoration service offered by Xsolis, and have been asked to stay alert for targeted attacks despite the company saying it is not aware of misuse.
  • Hospitals and health insurers that use Dragonfly: Organizations that rely on Xsolis’s AI platform for utilization and coverage decisions will need to confirm whether their own data or patients were involved, verify the changes Xsolis implemented, and assess any contractual or operational impacts arising from the incident.
  • Regulators and law enforcement: The company provided breach data to HHS and reported the incident to law enforcement; those agencies will be positioned to assess regulatory notifications, potential civil or administrative follow-up, and broader privacy or security implications tied to the exposed data.

Detection gaps noted in the source

The source that reported this incident also included a technical claim from a Picus whitepaper: “Security teams log 54% of successful attacks and alert on just 14%.” That statement was presented in the reporting as context on how threats can move through environments unseen, underscoring why Xsolis and its customers emphasized containment, external expertise, and tightened monitoring after the phishing attack.

Xsolis’s account establishes one clear fact: sensitive data tied to nearly 1.4 million people was accessed after a phishing compromise on January 20, 2026, and the company has taken a series of containment, notification, and remediation steps. Xsolis says it has no current evidence of misuse, but the types of information disclosed (names, dates of birth, Social Security numbers, health insurance and medical treatment details) are exactly the kinds of data typically used in targeted fraud and identity-based schemes, which explains the company’s offer of monitoring and its push to harden credentials and training.

The next practical steps now fall to those who received notices, the hospitals and insurers that contract with Xsolis for Dragonfly, and the agencies that received the breach report. Xsolis has invited scrutiny by involving outside cybersecurity help and law enforcement; for nearly 1.4 million people, the immediate question remains whether the breach will produce downstream misuse despite the company’s current assessment.

Original reporting: https://www.bleepingcomputer.com/news/security/healthtech-firm-xolis-suffers-data-breach-impacting-14-million-people/