Hendrick Health, Vendor Xsolis Sued Over Data Breach, Notification Delay
Potts Law Firm has filed a class action lawsuit against Hendrick Health and its technology vendor, Xsolis, Inc., following a data breach. The suit, filed in Taylor County, Texas, on behalf of patient Ada Louise McHenry and others, alleges the exposure of sensitive information and a failure to provide timely notification.
According to the lawsuit, a phishing attack on Xsolis on January 22, 2026, may have exposed patient data including Social Security numbers, medical record numbers, treatment information, and patient account details. Xsolis provides case management services to Hendrick Health.
The legal action alleges that affected patients were not notified of the breach until June 2026, more than 130 days after the unauthorized access reportedly occurred. The suit claims Hendrick Health and Xsolis failed to implement reasonable cybersecurity safeguards.
The plaintiffs are seeking damages and injunctive relief, citing an increased risk of identity theft and fraud. The proposed class includes all individuals who received a breach notification letter related to the incident.