Xsolis Discloses Data Security Incident Affecting Patient Information
Xsolis, a vendor providing case and utilization management services, announced on June 5, 2026, that it experienced a data security incident that may have involved personal and protected health information.
According to the company's notice, it became aware of unauthorized activity on January 22, 2026, stemming from a targeted phishing attack two days earlier. An investigation determined an unauthorized actor accessed parts of the Xsolis environment and acquired a limited number of files. The company stated it immediately contained the activity and terminated the unauthorized access.
Potentially compromised information includes names, addresses, dates of birth, Social Security numbers, health insurance information, and medical treatment information. As of the announcement, Xsolis reported it was not aware of any actual or attempted misuse of the data.
Xsolis engaged external cybersecurity experts, notified law enforcement, and is offering complimentary identity monitoring services to individuals who receive a notification letter. The company has established a dedicated phone line and website for those affected.