Healthcare technology company **Xsolis**, a U.S.-based firm specializing in AI-powered software for utilization management, has confirmed a data breach affecting nearly 1.4 million individuals. ### Phishing Attack Leads to Network Compromise The breach originated from a "targeted phishing attack" on January 20, 2026, which granted unauthorized access to a limited portion of the **Xsolis** network. The company detected the activity two days later, on January 22. Upon discovery, **Xsolis** states it took immediate action to contain the breach and launched a thorough investigation with the assistance of external cybersecurity experts. ### Exposed Data Includes Sensitive Health Information The investigation revealed that attackers successfully accessed specific files within the **Xsolis** environment containing extensive customer information. The compromised data includes: * Names * Addresses * Dates of birth * Health insurance information * Social Security numbers * Medical treatment information According to data submitted to the **U.S. Dept. of Health and Human Services**, a total of 1,396,519 individuals have been impacted by this incident. ### Remedial Actions and Victim Notification **Xsolis** has reported the incident to law enforcement and is in the process of notifying all potentially affected individuals via mail. The notification outlines immediate steps taken by the company, including: * Resetting passwords for all users and key accounts. * Increasing system monitoring. * Rolling out updated security measures. * Accelerating security training for employees. * Strengthening credential management mechanisms. For affected minors, notifications are being sent to their parents or legal guardians. Additionally, recipients are being offered a complimentary 12-month subscription to identity monitoring and identity theft restoration services through **Kroll**. While **Xsolis** is not currently aware of any attempted misuse of the exposed information, the company urges all affected individuals to remain alert for potential targeted attacks, including phishing attempts and identity theft.