Healthcare technology company Xsolis says a phishing attack compromised sensitive data belonging to nearly 1.4 million individuals.
The company, which develops AI-powered software used by more than 600 hospitals and health insurers, detected unauthorized activity on January 22, 2026, resulting from a targeted phishing attack two days earlier.
“We immediately contained the activity and launched an investigation with the assistance of external cybersecurity experts,” Xsolis said in a statement.
Attackers accessed files containing customer names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment data. According to data filed with the US Department of Health and Human Services, 1,396,519 people were affected.
Xsolis’s flagship platform, Dragonfly, analyzes clinical data in real time to help healthcare providers and payers make decisions about patient care and insurance coverage.
The company reported the incident to law enforcement, reset all user passwords, increased system monitoring, and accelerated employee security training. Affected individuals are being notified by mail and offered 12 months of identity monitoring and theft restoration through Kroll.
The breach notification states that Xsolis has also strengthened its credential management mechanisms and completed rolling out updated security measures.
