Cyber Incident Victim: Xsolis, Inc.

On January 20, 2026, a targeted phishing attack resulted in unauthorized activity on Xsolis, Inc.’s network. Xsolis learned of the breach on or about January 22, 2026, after detecting the unauthorized access. Upon learning of the incident, Xsolis contained the issue and terminated the unauthorized access. The company’s response focused on isolating the affected systems and stopping further intrusion.

The breach may have affected at least 1.4 million individuals. Exposed information included names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment details. Individuals who received a data breach notification from Xsolis face an increased risk of identity theft and fraud. The scope of the compromised data highlights the sensitivity of the information held by the healthcare technology firm.

Edelson Lechtzin LLP, a national class action law firm with offices in Pennsylvania and California, launched an investigation into the Xsolis incident and is offering free case evaluations to potentially affected individuals. Xsolis is described as a healthcare technology company that uses AI software to help hospitals and insurers streamline care management decisions. The law firm handles data breach litigation as well as other class and collective actions involving securities fraud, antitrust violations, ERISA plans, wage theft, and consumer fraud.