Healthcare AI platform Xsolis suffers data breach impacting 1.4M individuals

Xsolis, a health tech company that provides AI-powered utilization management, revenue cycle and payer-provider collaboration solutions, has disclosed a data breach that impacted 1.4 million individuals. The vendor has ranked Best in KLAS for physician advisory services for five years in a row, serving healthcare organizations across the country.

According to a data breach notice provided to the California Attorney General's Office, Xsolis experienced a targeted phishing attack on Jan. 22, 2026. Upon discovery, the firm said it immediately contained the issue and terminated the unauthorized access. It has not discovered any evidence of misuse of the impacted data.

During the incident, the unauthorized individual acquired files containing names, addresses, dates of birth, Social Security numbers, medical treatment information and health insurance information.

Xsolis established a call center to answer questions about the breach and provided access to free credit monitoring and identity protection services for affected individuals.

Xsolis did not publish a list of impacted healthcare organization clients. However, some organizations have published their own notices, including Mayo Clinic, which said it learned of the incident on April 23, 2026.

"Mayo Clinic took immediate action to assess the potential impact and to ensure that Xsolis was appropriately responding to the incident," Mayo Clinic's notice to patients stated. Mayo Clinic did not specify how many of its patients were impacted.

University of Washington Medicine published a notice on its website, stating that approximately 23,600 UW Medicine patients were affected. Virginia-based VHC Health also posted a link to Xsolis' data breach notice on its website.

New research from managed IT and security services vendor Omega Systems shows that third-party data breaches remain a significant threat to healthcare organizations. The company surveyed 200 healthcare executives and IT leaders on the healthcare threat landscape. About 85% of respondents said their organizations experienced at least one operational disruption caused by a third-party vendor in the past year.

Additionally, 24% of respondents named "not knowing their vendor network's security posture" as one of their top IT concerns, highlighting the prevalence of third-party data breaches and the challenges with ongoing vendor risk management.

"The third-party attack surface is wide, growing, and under-monitored," the report stated. "For healthcare practices that have not yet experienced a consequential breach through a vendor connection, that may reflect good fortune more than a strong defense."

Jill Hughes has covered health tech news since 2021. Her coverage areas include cybersecurity, HIPAA compliance, interoperability, AI and EHRs.