Xsolis, Inc. (“Xsolis”), a vendor that provides case and utilization management services to healthcare organizations, has issued notice of a data security incident that may have involved personal and protected health information provided by its clients.
Xsolis, Inc.’s Data Breach Investigation
According to Xsolis, the company became aware of unauthorized activity affecting a limited portion of its environment on January 22, 2026. The incident resulted from a targeted phishing attack that occurred on January 20, 2026.
After discovering the activity, Xsolis stated that it immediately contained the incident and launched an investigation with the assistance of external cybersecurity experts. The investigation determined that an unauthorized actor acquired certain files containing personal and protected health information.
Xsolis said it reported the incident to law enforcement and implemented additional safeguards to further enhance the security of information in its possession. The company also stated that it is mailing notice letters to potentially affected individuals and offering access to free credit monitoring and identity protection services.
When Did This Breach Occur?
The Xsolis data security incident stemmed from a targeted phishing attack that occurred on January 20, 2026. Xsolis became aware of unauthorized activity affecting a limited portion of its environment on January 22, 2026.
After learning of the incident, Xsolis said it immediately contained the activity and began investigating with outside cybersecurity experts. The investigation determined that an unauthorized actor acquired certain files containing information related to some individuals.
Xsolis has stated that it is not aware of any actual or attempted misuse of information because of the incident. However, the company is still notifying potentially affected individuals and providing steps they can take to monitor and protect their information.
Individuals who receive a notice letter from Xsolis should review it carefully to determine whether their personal or protected health information may have been involved. They should also pay close attention to any deadlines for enrolling in offered protection services.
What Information Was Breached?
The information involved in the Xsolis data breach may vary by individual. According to Xsolis, the affected files may have included names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information.
This type of information is highly sensitive. Social Security numbers may be used in identity theft schemes, while health insurance and medical treatment information can expose private details about a person’s healthcare. Names, addresses, and dates of birth can also be used by scammers to support phishing attempts or fraudulent applications.
Xsolis has stated that it is not aware of any actual or attempted misuse of information related to this incident. However, affected individuals should still take the breach seriously because personal and protected health information can remain valuable to criminals long after a breach occurs.
Consumers who receive a notice from Xsolis should read it closely to determine what specific information may have been involved in their case.
What You Can Do
If you received a notice from Xsolis, you should carefully review the letter and follow the instructions for enrolling in any free credit monitoring and identity protection services offered by the company.
You should also monitor your credit reports, financial account statements, and explanation of benefits forms for suspicious activity or errors. If you see unfamiliar accounts, unauthorized charges, or healthcare services you did not receive, report them immediately.
Affected individuals may consider placing a fraud alert or credit freeze with the major credit bureaus. A fraud alert tells creditors to take extra steps to verify your identity before opening new accounts. A credit freeze can help prevent new credit, loans, or services from being approved in your name without your consent.
You should also remain alert for phishing emails, phone calls, or text messages that reference Xsolis, healthcare services, insurance information, or the data breach. Keep a copy of your notice letter and records of any time or money spent responding to the incident.
File a Data Breach Lawsuit Against Xsolis, Inc.
If you received notice that your personal or protected health information was involved in the Xsolis data breach, you may have legal rights. Companies that collect, store, or process sensitive personal and healthcare information are expected to take reasonable steps to protect that data.
The Xsolis breach may have involved names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information. Exposure of this type of information may place affected individuals at risk of identity theft, fraud, medical identity theft, and other privacy-related harms.
Data breach victims may be able to seek compensation for losses such as fraudulent charges, identity theft expenses, credit monitoring costs, time spent addressing the breach, and other damages related to the exposure of their information.
Class Action U is investigating the Xsolis, Inc. data breach and helping affected individuals understand their rights. If you received a data breach notice from Xsolis, Inc., contact Class Action U today to learn whether you may qualify to take legal action.
